Executive Summary
Summary | |
---|---|
Title | kernel security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0169 | First vendor Publication | 2007-04-30 |
Vendor | RedHat | Last vendor Modification | 2007-04-30 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Problem description: The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues: * a flaw in the IPv6 socket option handling that allowed a local user to read arbitrary kernel memory (CVE-2007-1000, Important). * a flaw in the IPv6 socket option handling that allowed a local user to cause a denial of service (CVE-2007-1388, Important). * a flaw in the utrace support that allowed a local user to cause a denial of service (CVE-2007-0771, Important). In addition to the security issues described above, a fix for a memory leak in the audit subsystem and a fix for a data corruption bug on s390 systems have been included. Red Hat Enterprise Linux 5 users are advised to upgrade to these erratum packages, which are not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 228816 - CVE-2007-0771 utrace regression / denial of service 232255 - CVE-2007-1388 NULL pointer dereference in do_ipv6_setsockopt 232257 - CVE-2007-1000 NULL pointer hole in ipv6 233157 - Kernel memory leak in audit subsystem |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0169.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10015 | |||
Oval ID: | oval:org.mitre.oval:def:10015 | ||
Title: | The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. | ||
Description: | The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1000 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11509 | |||
Oval ID: | oval:org.mitre.oval:def:11509 | ||
Title: | The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference. | ||
Description: | The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1388 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21770 | |||
Oval ID: | oval:org.mitre.oval:def:21770 | ||
Title: | ELSA-2007:0169: kernel security and bug fix update (Important) | ||
Description: | The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0169-01 CVE-2007-0771 CVE-2007-1000 CVE-2007-1388 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9447 | |||
Oval ID: | oval:org.mitre.oval:def:9447 | ||
Title: | The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. | ||
Description: | The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-0771 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2007-07-10 | Linux Kernel < 2.6.20.2 - IPv6_Getsockopt_Sticky Memory Leak PoC |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:078 (kernel) File : nvt/gb_mandriva_MDKSA_2007_078.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15/2.6.17/2.6.20 vulnerabilities USN-464-1 File : nvt/gb_ubuntu_USN_464_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-486-1 File : nvt/gb_ubuntu_USN_486_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerability USN-489-1 File : nvt/gb_ubuntu_USN_489_1.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-335 File : nvt/gb_fedora_2007_335_kernel_fc6.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-336 File : nvt/gb_fedora_2007_336_kernel_fc5.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35927 | Linux Kernel utrace Support Unspecified Local DoS |
33026 | Linux Kernel net/ipv6/ipv6_sockglue.c do_ipv6_setsockopt Function Local DoS |
33025 | Linux Kernel net/ipv6/ipv6_sockglue.c ipv6_getsockopt_sticky Function Arbitra... A local overflow exists in the Linux kernel. The 'ipv6_getsockopt_sticky()' function in script 'ipv6_sockglue.c' fails to provide proper boundary checking resulting in a null pointer dereference overflow. With a specially crafted request, an unprivileged user can read arbitrary kernel memory resulting in a loss of confidentiality. The information gathered could be of use in further attacks on the system. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-464-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-486-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-489-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-3128.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0169.nasl - Type : ACT_GATHER_INFO |
2007-05-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0169.nasl - Type : ACT_GATHER_INFO |
2007-04-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-078.nasl - Type : ACT_GATHER_INFO |
2007-03-16 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-335.nasl - Type : ACT_GATHER_INFO |
2007-03-16 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-336.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:34 |
|