·	没有路由密码权限时的鸽子	08-23	·	三种方法教你查看计算机的	12-01
·	万网虚拟机漏洞黑客获得VI	11-30	·	网络管理员对付DDoS攻击的	11-30
·	关于工作组环境下对单独用	11-28	·	U盘安装光盘版WINXP.ISO的	11-28
·	使用System Center部Win 2	11-28	·	另类技巧：使用DOS收发MAI	11-28
·	两种制作系统快速启动的方	11-28	·	渗透本地网通主站	11-26
·	对某软件公司的一次安全检	11-26	·	注入MSSQL 2005的工具- JC	11-26
·	攻防实战步步渗透网站获得	11-25	·	登录服务器失败，Win2008自	11-25
·	激发潜能逼出Vista防火墙	11-25	·	xKungfoo上的网马猥亵技巧	11-22
·	系统自带不起眼但又很强的	11-22	·	IP和MAC捆绑的破解	11-21
·	揭秘Windows系统的四个后门	11-21	·	Win2008网络访问保护把关	11-21
·	玩转Win2008系统命令秀出网	11-20	·	Windows XP系统的五大变形	11-20
·	恢复系统的闪存也能随便借	11-20	·	Web安全测试之跨站请求伪造	11-20
·	利用跨站脚本攻击(XSS)摧毁	11-20	·	对韩国某CMS的一次安全检测	11-20
·	挖掘Cookies背后安全隐患	11-20	·	Restful风格WEB架构需要注	11-20

Ubuntu发现影响所有版本内核安全漏洞

荐 ★★★★★

Ubuntu发现影响所有版本内核安全漏洞

文章整理发布：黑客风云文章来源：www.05112.com 更新时间：2008-12-1 10:30:32

　　11月27日,Ubuntu开发者为6.06 LTS, 7.10, 8.04 LTS以及8.10这几个版本发布了重要安全更新,补丁修复了9个内核安全安全问题,因此强烈建议Ubuntu用户尽快升级自己的系统.
　　内核安全漏洞列表
　　1. The Xen hypervisor block driver couldn't accurately validate incoming requests. Therefore, a user with root privileges could crash a system and cause a DoS (Denial of Service) attack by executing malicious I/O requests. This issue affects only Ubuntu 7.10.
　　2. The i915 video driver couldn't accurately validate memory addresses. Therefore, an attacker could remap memory and cause a system crash, leading to a DoS (Denial of Service) attack. Ubuntu 6.06 LTS, 7.10 and 8.04 LTS users are not affected by this issue. Ubuntu 8.10 users should update their systems to correct this vulnerability!
　　3. When files were created in the setgid directories, the Linux kernel package couldn't accurately strip permissions. Because of this, a local user could gain extra group privileges. This issue was discovered by David Watson and it affects only Ubuntu 6.06 LTS users!
　　4. When file splice requests were handled, the Linux kernel package couldn't accurately reject the "append" flag. Therefore, a local attacker could create changes to random locations in a file by bypassing the append mode. This issue was discovered by Olaf Kirch and Miklos Szeredi, and affects only Ubuntu 7.10 and 8.04 LTS users!
　　5. The SCTP stack couldn't accurately handle INIT-ACK. Because of this, a remote user could send specially crafted SCTP traffic and crash the system, leading to a DoS (Denial of Service) attack. This issue affects only Ubuntu 8.10 users!
　　6. The SCTP stack couldn't accurately handle the length of bad packets. Because of this, a remote user could send specially crafted SCTP traffic and crash the system, leading to a DoS (Denial of Service) attack. This issue affects only Ubuntu 8.10 users!
　　7. The HFS+ filesystem had several flaws. Because of this, a user could be tricked to mount a malicious HFS+ filesystem, which could lead to a DoS (Denial of Service) attack and crash the system. This issue was discovered by Eric Sesterhenn, and affects all Ubuntu users!
　　8. The Unix Socket handler couldn't accurately process the SCM_RIGHTS message. Therefore, a local attacker could create a malicious socket request and crash the system, leading to a DoS (Denial of Service) attack. This issue affects all Ubuntu users!
　　9. The i2c audio driver couldn't accurately validate several function pointers. Therefore, a local users could obtain root privileges and crash the system, leading to a DoS (Denial of Service) attack. This issue affects all Ubuntu users!
　　Ubuntu 6.06 LTS 要将内核升级到linux-image-2.6.15-53.74
　　Ubuntu 7.10 要将内核升级到 linux-image-2.6.22-16.60
　　Ubuntu 8.04 LTS 要将内核升级到 LTS linux-image-2.6.24-22.45
　　Ubuntu 8.10 要将内核升级到 linux-image-2.6.27-9.19

新闻录入：cainiaowang 责任编辑：xinlian

上一篇新闻：微软windows蠕虫现身漏洞威胁趋势攀升

下一篇新闻：手机最新恶意软件排行榜

【字体：小大】

手机最新恶意软件排行榜	12-01
Ubuntu发现影响所有版本内核安全	12-01
微软windows蠕虫现身漏洞威胁趋	12-01
Doctor Web发布邮件病毒警报	12-01
ffdshow超长URL链接缓冲区溢出漏	12-01
苹果开始推荐Mac OS X反病毒软件	12-01
孟买恐怖分子用黑莓手机监控警方	12-01
两大核心业务免费直降腾讯收益	12-01
实拍越南手机店高手硬件解锁iPho	12-01
美军称俄罗斯黑客攻击其网络系统	12-01