Executive Summary



This alert is flagged as a TOP 25 Common Weakness Enumeration from CWE/SANS.
Information
Name : CVE-2007-5938
First vendor Publication : 2007-12-06
Vendor : Cve
Last vendor Modification : 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5938

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10787
 
Oval ID: oval:org.mitre.oval:def:10787
Title: The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
Description: The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
Family: unix
Class: vulnerability
Reference(s): CVE-2007-5938
Version: 5
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Hardware 1
Hardware 1

OpenVAS Exploits

Date Description
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0154-01
File : nvt/gb_RHSA-2008_0154-01_kernel.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0742
File : nvt/gb_fedora_2008_0742_kernel_fc7.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0748
File : nvt/gb_fedora_2008_0748_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0958
File : nvt/gb_fedora_2008_0958_kernel_fc7.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0984
File : nvt/gb_fedora_2008_0984_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-3873
File : nvt/gb_fedora_2008_3873_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-4043
File : nvt/gb_fedora_2008_4043_kernel_fc7.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-5454
File : nvt/gb_fedora_2008_5454_kernel_fc8.nasl
2009-02-16 Name : Fedora Update for kernel FEDORA-2008-1422
File : nvt/gb_fedora_2008_1422_kernel_fc7.nasl
2009-02-16 Name : Fedora Update for kernel FEDORA-2008-1423
File : nvt/gb_fedora_2008_1423_kernel_fc8.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
44749 iwlwifi compatible/iwl3945-base.c iwl_set_rate Function Module Initialization...

Nessus® Vulnerability Scanner

Date Description
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2008-2005.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0154.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080305_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0154.nasl - Type : ACT_GATHER_INFO
2008-03-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0154.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
http://www.intellinuxwireless.org/repos/?p=iwlwifi.git%3Ba=commitdiff%3Bh=25d...
BID http://www.securityfocus.com/bid/26842
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=199209
MISC http://article.gmane.org/gmane.linux.drivers.ipw3945.devel/1618
OSVDB http://osvdb.org/44749
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2008-0154.html
SECUNIA http://secunia.com/advisories/29236
VUPEN http://www.vupen.com/english/advisories/2007/4211

Alert History

Date Information
2023-11-07 21:47:53
  • Multiple Updates
2021-05-04 12:06:39
  • Multiple Updates
2021-04-22 01:07:10
  • Multiple Updates
2020-05-23 00:20:45
  • Multiple Updates
2017-09-29 09:23:17
  • Multiple Updates
2016-06-28 17:03:16
  • Multiple Updates
2016-04-26 16:48:10
  • Multiple Updates
2014-11-27 13:27:15
  • Multiple Updates
2014-02-17 10:42:34
  • Multiple Updates
2013-05-11 10:42:00
  • Multiple Updates