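CNNVD ID | CNNVD-200708-157 |
CVE ID | CVE-2007-3843 |
Published | 2007-08-09 |
Updated | 2007-10-25 |
Vulnerability type | Design error |
Vulnerability source | The vendor disclosed this issue. |
Severity | Medium |
Threat type | Remote |
Vendor | linux |
Linux kernel versions before 2.6.23-rc1 check the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof network traffic that requires security signatures, as demonstrated by sec=ntlmv2i in a SetupAndX request.
The vendor has released upgrade patches to fix this security issue. Patch download links: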
Linux kernel 2.6.20.2
Linux linux-2.6.22.4.tar.gz
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.4.tar.gz
Linux kernel 2.6.11.4
Linux linux-2.6.22.4.tar.gz
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.4.tar.gz
Debian Linux 4.0 mips
Debian linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_mips.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_mips.deb
Linux kernel 2.6.20-2
Linux linux-2.6.22.4.tar.gz
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.4.tar.gz
Debian Linux 4.0 arm
Debian linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_arm.deb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_arm.deb
Linux kernel 2.6.20.3
Linux linux-2.6.22.4.tar.gz
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.4.tar.gz
Linux kernel 2.6.8.1
Linux linux-2.6.22.4.tar.gz
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.4.tar.gz
Linux kernel 2.6 -test6
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6 -test4
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6 -test2
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6 -test9-CVS
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6 -test7
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6 -test9
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.1 -rc2
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.1
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.10 rc2
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.11
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.11 -rc3
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.11 .11
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.12 .4
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.12 .1
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.12 -rc4
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.12 .12
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.12 .22
Linux patch-2.6.23-rc2.bz2
http://kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Ftesting%2Fpatch-2.6.23-rc2.bz2
Linux kernel 2.6.13 -rc4
Linux patch-2.6.23-rc2.
Source: SECUNIA
Name: 26366
Source: kernel.org
Link: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1
Source: bugzilla.redhat.com
Link: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595
Source: UBUNTU
Name: USN-510-1
Source: BID
Name: 25244
Source: REDHAT
Name: RHSA-2007:0939
Source: REDHAT
Name: RHSA-2007:0705
Source: DEBIAN
Name: DSA-1363
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
Source: SECUNIA
Name: 28806
Source: SECUNIA
Name: 27912
Source: SECUNIA
Name: 27747
Source: SECUNIA
Name: 27436
Source: SECUNIA
Name: 26760
Source: SECUNIA
Name: 26647
Source: SUSE
Name: SUSE-SA:2008:006
Link: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html