BDU:2015-03182

Published: 01 Jan 2015
Source: fstec
CVSS2: 7.8
EPSS: Low

Description

Multiple vulnerabilities in the kernel-headers-2.4.27-3-itanium package of the Debian GNU/Linux operating system, exploitation of which can lead to a loss of availability of protected information. The vulnerabilities can be exploited remotely.

Vendor

Free software community

Software name

Debian GNU/Linux

Software version

up to 3.1 (Debian GNU/Linux)

Software type

Operating system

Operating systems and hardware platforms

-

Vulnerability severity level

High severity (CVSS 2.0 base score is 7.8)

Possible remediation measures

The problem can be resolved by updating the operating system to the following package versions, depending on the architecture:
Debian GNU/Linux 3.1:
ppc:
kernel-patch-2.4.27-powerpc - 2.4.27-10sarge2
kernel-headers-2.4.27-powerpc - 2.4.27-10sarge2
kernel-image-2.4.27-nubus - 2.4.27-10sarge2
kernel-image-2.4.27-powerpc-small - 2.4.27-10sarge2
kernel-patch-2.4.27-nubus - 2.4.27-10sarge2
kernel-patch-2.4.27-apus - 2.4.27-10sarge2
kernel-image-2.4.27-apus - 2.4.27-10sarge2
kernel-build-2.4.27-powerpc-small - 2.4.27-10sarge2
kernel-image-2.4.27-powerpc - 2.4.27-10sarge2
kernel-build-2.4.27-apus - 2.4.27-10sarge2
kernel-build-2.4.27-powerpc - 2.4.27-10sarge2
kernel-headers-2.4.27-nubus - 2.4.27-10sarge2
kernel-image-2.4.27-powerpc-smp - 2.4.27-10sarge2
kernel-headers-2.4.27-apus - 2.4.27-10sarge2
kernel-build-2.4.27-powerpc-smp - 2.4.27-10sarge2
kernel-build-2.4.27-nubus - 2.4.27-10sarge2
s390x:
kernel-image-2.4-s390x - 2.4.27-1sarge1
kernel-image-2.4.27-3-s390 - 2.4.27-2sarge2
kernel-image-2.4-s390 - 2.4.27-1sarge1
kernel-image-2.4.27-3-s390x - 2.4.27-2sarge2
kernel-headers-2.4.27-3 - 2.4.27-2sarge2
kernel-headers-2.4-s390 - 2.4.27-1sarge1
kernel-image-2.4.27-3-s390-tape - 2.4.27-2sarge2
m68k:
kernel-image-2.4.27-mvme147 - 2.4.27-3sarge2
kernel-image-2.4.27-amiga - 2.4.27-3sarge2
kernel-image-2.4.27-mvme16x - 2.4.27-3sarge2
kernel-image-2.4.27-bvme6000 - 2.4.27-3sarge2
kernel-image-2.4.27-q40 - 2.4.27-3sarge2
kernel-image-2.4.27-atari - 2.4.27-3sarge2
kernel-image-2.4.27-mac - 2.4.27-3sarge2
i686:
kernel-image-2.4.27-speakup - 2.4.27-1.1sarge1
kernel-headers-2.4.27-3 - 2.4.27-10sarge2
kernel-image-2.4.27-3-686 - 2.4.27-10sarge2
kernel-headers-2.4-686-smp - 101sarge1
lm-sensors-2.4.27-3-k6 - 2.9.1-1sarge3
kernel-image-2.4-k6 - 101sarge1
kernel-headers-2.4.27-3-586tsc - 2.4.27-10sarge2
pcmcia-modules-2.4.27-3-k7 - 3.2.5+2sarge1
kernel-image-2.4.27-3-386 - 2.4.27-10sarge2
kernel-headers-2.4.27-3-k7-smp - 2.4.27-10sarge2
kernel-pcmcia-modules-2.4-386 - 101sarge1
lm-sensors-2.4.27-3-586tsc - 2.9.1-1sarge3
kernel-pcmcia-modules-2.4.27-3-386 - 2.4.27-10sarge2
lm-sensors-2.4.27-3-686-smp - 2.9.1-1sarge3
kernel-image-2.4-586tsc - 101sarge1
pcmcia-modules-2.4.27-3-686-smp - 3.2.5+2sarge1
pcmcia-modules-2.4.27-3-386 - 3.2.5+2sarge1
pcmcia-modules-2.4.27-3-586tsc - 3.2.5+2sarge1
kernel-pcmcia-modules-2.4.27-3-k7 - 2.4.27-10sarge2
kernel-headers-2.4-386 - 101sarge1
kernel-pcmcia-modules-2.4.27-3-686 - 2.4.27-10sarge2
kernel-headers-2.4.27-3-386 - 2.4.27-10sarge2
kernel-headers-2.4-686 - 101sarge1
kernel-image-2.4.27-3-586tsc - 2.4.27-10sarge2
mindi-kernel - 2.4.27-2sarge1
i2c-2.4.27-3-386 - 2.9.1-1sarge1
lm-sensors-2.4.27-3-386 - 2.9.1-1sarge3
kernel-pcmcia-modules-2.4.27-3-k7-smp - 2.4.27-10sarge2
kernel-headers-2.4-k7-smp - 101sarge1
kernel-pcmcia-modules-2.4.27-3-586tsc - 2.4.27-10sarge2
kernel-image-2.4.27-3-k7-smp - 2.4.27-10sarge2
kernel-image-2.4-k7 - 101sarge1
pcmcia-modules-2.4.27-3-686 - 3.2.5+2sarge1
i2c-2.4.27-3-k6 - 2.9.1-1sarge1
kernel-headers-2.4-586tsc - 101sarge1
kernel-pcmcia-modules-2.4-k7-smp - 101sarge1
kernel-headers-2.4.27-3-686 - 2.4.27-10sarge2
kernel-pcmcia-modules-2.4-586tsc - 101sarge1
kernel-pcmcia-modules-2.4.27-3-k6 - 2.4.27-10sarge2
kernel-pcmcia-modules-2.4-686 - 101sarge1
kernel-image-2.4-386 - 101sarge1
kernel-image-2.4-686 - 101sarge1
kernel-image-2.4-686-smp - 101sarge1
kernel-image-2.4-k7-smp - 101sarge1
kernel-pcmcia-modules-2.4-686-smp - 101sarge1
libsensors-dev - 2.9.1-1sarge3
kernel-image-2.4.27-3-k6 - 2.4.27-10sarge2
i2c-2.4.27-3-k7-smp - 2.9.1-1sarge1
kernel-pcmcia-modules-2.4-k6 - 101sarge1
kernel-pcmcia-modules-2.4-k7 - 101sarge1
i2c-2.4.27-3-586tsc - 2.9.1-1sarge1
kernel-image-2.4.27-3-686-smp - 2.4.27-10sarge2
lm-sensors-2.4.27-3-686 - 2.9.1-1sarge3
sensord - 2.9.1-1sarge3
pcmcia-modules-2.4.27-3-k6 - 3.2.5+2sarge1
kernel-pcmcia-modules-2.4.27-3-686-smp - 2.4.27-10sarge2
kernel-headers-2.4.27-speakup - 2.4.27-1.1sarge1
kernel-headers-2.4.27-3-686-smp - 2.4.27-10sarge2
lm-sensors-2.4.27-3-k7 - 2.9.1-1sarge3
kernel-headers-2.4.27-3-k6 - 2.4.27-10sarge2
lm-sensors - 2.9.1-1sarge3
kernel-headers-2.4-k6 - 101sarge1
i2c-2.4.27-3-686 - 2.9.1-1sarge1
i2c-2.4.27-3-686-smp - 2.9.1-1sarge1
kernel-build-2.4.27-3 - 2.4.27-10sarge2
lm-sensors-2.4.27-3-k7-smp - 2.9.1-1sarge3
i2c-2.4.27-3-k7 - 2.9.1-1sarge1
kernel-image-2.4.27-3-k7 - 2.4.27-10sarge2
kernel-headers-2.4-k7 - 101sarge1
pcmcia-modules-2.4.27-3-k7-smp - 3.2.5+2sarge1
kernel-headers-2.4.27-3-k7 - 2.4.27-10sarge2
libsensors3 - 2.9.1-1sarge3
sparc:
kernel-image-2.4-sparc32 - 42sarge1
kernel-image-2.4.27-3-sparc32-smp - 2.4.27-9sarge2
kernel-image-2.4-sparc64-smp - 42sarge1
kernel-image-2.4.27-3-sparc32 - 2.4.27-9sarge2
kernel-headers-2.4.27-3-sparc64-smp - 2.4.27-9sarge2
kernel-headers-2.4.27-3-sparc32 - 2.4.27-9sarge2
kernel-headers-2.4.27-3-sparc64 - 2.4.27-9sarge2
kernel-build-2.4.27-3 - 2.4.27-9sarge2
kernel-image-2.4-sparc32-smp - 42sarge1
kernel-headers-2.4-sparc32-smp - 42sarge1
kernel-image-2.4.27-3-sparc64 - 2.4.27-9sarge2
kernel-image-2.4.27-3-sparc64-smp - 2.4.27-9sarge2
kernel-image-2.4-sparc64 - 42sarge1
kernel-headers-2.4-sparc64 - 42sarge1
kernel-headers-2.4.27-3-sparc32-smp - 2.4.27-9sarge2
kernel-headers-2.4-sparc32 - 42sarge1
kernel-headers-2.4-sparc64-smp - 42sarge1
kernel-headers-2.4.27-3 - 2.4.27-9sarge2
alpha:
kernel-headers-2.4.27-3 - 2.4.27-10sarge2
kernel-image-2.4-smp - 101sarge1
kernel-image-2.4-generic - 101sarge1
kernel-image-2.4.27-3-generic - 2.4.27-10sarge2
kernel-image-2.4.27-3-smp - 2.4.27-10sarge2
kernel-headers-2.4.27-3-generic - 2.4.27-10sarge2
kernel-headers-2.4-generic - 101sarge1
kernel-build-2.4.27-3 - 2.4.27-10sarge2
kernel-headers-2.4.27-3-smp - 2.4.27-10sarge2
kernel-headers-2.4-smp - 101sarge1
ia64:
kernel-image-2.4.27-3-mckinley-smp - 2.4.27-10sarge2
kernel-image-2.4.27-3-itanium-smp - 2.4.27-10sarge2
kernel-image-2.4-mckinley - 2.4.27-10sarge2
kernel-headers-2.4.27-3-itanium-smp - 2.4.27-10sarge2
kernel-headers-2.4.27-3-mckinley-smp - 2.4.27-10sarge2
kernel-image-2.4-itanium - 2.4.27-10sarge2
kernel-build-2.4.27-3 - 2.4.27-10sarge2
kernel-headers-2.4.27-3-itanium - 2.4.27-10sarge2
kernel-image-2.4-mckinley-smp - 2.4.27-10sarge2
kernel-headers-2.4.27-3 - 2.4.27-10sarge2
kernel-image-2.4-itanium-smp - 2.4.27-10sarge2
kernel-image-2.4.27-3-mckinley - 2.4.27-10sarge2
kernel-headers-2.4.27-3-mckinley - 2.4.27-10sarge2
kernel-image-2.4.27-3-itanium - 2.4.27-10sarge2
mips:
kernel-image-2.4.27-r5k-ip22 - 2.4.27-10.sarge2.040815-1
kernel-image-2.4.27-r4k-ip22 - 2.4.27-10.sarge2.040815-1
kernel-image-2.4.27-sb1-swarm-bn - 2.4.27-10.sarge2.040815-1
kernel-headers-2.4.27 - 2.4.27-10.sarge2.040815-1
mips-tools - 2.4.27-10.sarge2.040815-1
noarch:
kernel-patch-debian-2.4.27 - 2.4.27-10sarge2
lm-sensors-source - 2.9.1-1sarge3
kernel-doc-2.4.27-speakup - 2.4.27-1.1sarge1
systemimager-boot-ia64-standard - 3.2.3-6sarge1
systemimager-boot-i386-standard - 3.2.3-6sarge1
i2c-source - 2.9.1-1sarge1
kernel-doc-2.4.27 - 2.4.27-10sarge2
kernel-tree-2.4.27 - 2.4.27-10sarge2
systemimager-common - 3.2.3-6sarge1
systemimager-doc - 3.2.3-6sarge1
kernel-patch-2.4-i2c - 2.9.1-1sarge1
systemimager-server - 3.2.3-6sarge1
kernel-source-2.4.27 - 2.4.27-10sarge2
systemimager-client - 3.2.3-6sarge1
systemimager-server-flamethrowerd - 3.2.3-6sarge1
kernel-patch-2.4-lm-sensors - 2.9.1-1sarge3
mipsel:
kernel-image-2.4.27-r5k-lasat - 2.4.27-10.sarge2.040815-1
kernel-image-2.4.27-r5k-cobalt - 2.4.27-10.sarge2.040815-1
kernel-image-2.4.27-xxs1500 - 2.4.27-10.sarge2.040815-1
kernel-image-2.4.27-r4k-kn04 - 2.4.27-10.sarge2.040815-1
mips-tools - 2.4.27-10.sarge2.040815-1
kernel-image-2.4.27-r3k-kn02 - 2.4.27-10.sarge2.040815-1
kernel-image-2.4.27-sb1-swarm-bn - 2.4.27-10.sarge2.040815-1
kernel-headers-2.4.27 - 2.4.27-10.sarge2.040815-1
arm:
kernel-headers-2.4.27 - 2.4.27-2sarge2
kernel-image-2.4.27-riscpc - 2.4.27-2sarge2
kernel-image-2.4.27-riscstation - 2.4.27-2sarge2
kernel-image-2.4.27-netwinder - 2.4.27-2sarge2
kernel-image-2.4.27-lart - 2.4.27-2sarge2
kernel-build-2.4.27 - 2.4.27-2sarge2
kernel-image-2.4.27-bast - 2.4.27-2sarg

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

EPSS

Percentile: 35%
0.00139
Low

7.8 High

CVSS2

Related vulnerabilities

ubuntu
more than 19 years ago

Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.

nvd
more than 19 years ago

Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.

debian
more than 19 years ago

Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...

github
about 3 years ago

Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.

fstec
more than 10 years ago

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to disrupt the availability of protected information
