Executive Summary
Summary | |
---|---|
Title | kernel security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0347 | First vendor Publication | 2007-05-16 |
Vendor | RedHat | Last vendor Modification | 2007-05-16 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Problem description: The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues: * a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). * a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). * a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). * a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). * a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included: * a regression in ipv6 routing. * an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. * the nmi watchdog timeout was updated from 5 to 30 seconds. * a flaw in distributed lock management that could result in errors during virtual machine migration. * an omitted include in kernel-headers that led to compile failures for some packages. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 238046 - oops and panics bringing up/down interfaces on 128p Altix, 8 interfaces 238731 - dlm locking error from gfs dio/aio during virt machine migration 238749 - The patch "xen: Add PACKET_AUXDATA cmsg" cause /usr/include/linux/if_packet.h broken 238944 - CVE-2007-1592 IPv6 oops triggerable by any user 238946 - CVE-2007-1496 Various NULL pointer dereferences in netfilter code 238947 - CVE-2007-1497 IPv6 fragments bypass in nf_conntrack netfilter code 238948 - CVE-2007-2172 fib_semantics.c out of bounds access vulnerability 238949 - CVE-2007-2242 IPv6 routing headers issue 238960 - CVE-2007-1861 infinite recursion in netlink |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0347.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10457 | |||
Oval ID: | oval:org.mitre.oval:def:10457 | ||
Title: | nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | ||
Description: | nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1497 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11616 | |||
Oval ID: | oval:org.mitre.oval:def:11616 | ||
Title: | The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. | ||
Description: | The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1861 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20039 | |||
Oval ID: | oval:org.mitre.oval:def:20039 | ||
Title: | DSA-1289-1 linux-2.6 | ||
Description: | Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1289-1 CVE-2007-1496 CVE-2007-1497 CVE-2007-1861 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9574 | |||
Oval ID: | oval:org.mitre.oval:def:9574 | ||
Title: | The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. | ||
Description: | The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2242 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9831 | |||
Oval ID: | oval:org.mitre.oval:def:9831 | ||
Title: | nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | ||
Description: | nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1496 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for kernel CESA-2009:0001-01 centos2 i386 File : nvt/gb_CESA-2009_0001-01_kernel_centos2_i386.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011429.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:171 (kernel) File : nvt/gb_mandriva_MDKSA_2007_171.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:078 (kernel) File : nvt/gb_mandriva_MDKSA_2007_078.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-508-1 File : nvt/gb_ubuntu_USN_508_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerability USN-489-1 File : nvt/gb_ubuntu_USN_489_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-486-1 File : nvt/gb_ubuntu_USN_486_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15/2.6.17/2.6.20 vulnerabilities USN-464-1 File : nvt/gb_ubuntu_USN_464_1.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2007:1049-01 File : nvt/gb_RHSA-2007_1049-01_kernel.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1049 centos3 i386 File : nvt/gb_CESA-2007_1049_kernel_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1049 centos3 x86_64 File : nvt/gb_CESA-2007_1049_kernel_centos3_x86_64.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-482 File : nvt/gb_fedora_2007_482_kernel_fc6.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-483 File : nvt/gb_fedora_2007_483_kernel_fc5.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0001-01 (kernel) File : nvt/ovcesa2009_0001_01.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:035 File : nvt/gb_suse_2007_035.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:051 File : nvt/gb_suse_2007_051.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:043 File : nvt/gb_suse_2007_043.nasl |
2009-01-13 | Name : RedHat Security Advisory RHSA-2009:0001 File : nvt/RHSA_2009_0001.nasl |
2009-01-07 | Name : RedHat Security Advisory RHSA-2008:0787 File : nvt/RHSA_2008_0787.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-07:03.ipv6.asc) File : nvt/freebsdsa_ipv61.nasl |
2008-03-11 | Name : Debian Security Advisory DSA 1503-2 (kernel-source-2.4.27 (2.4.27-10sarge7)) File : nvt/deb_1503_2.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1503-1 (kernel-source-2.4.27 (2.4.27-10sarge6)) File : nvt/deb_1503_1.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1504-1 (kernel-source-2.6.8 (2.6.8-17sarge1)) File : nvt/deb_1504_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1363-1 (linux-2.6) File : nvt/deb_1363_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1356-1 (linux-2.6) File : nvt/deb_1356_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1304-1 (kernel-source-2.6.8) File : nvt/deb_1304_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1289-1 (linux-2.6) File : nvt/deb_1289_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1286-1 (linux-2.6) File : nvt/deb_1286_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37121 | Linux Kernel fib_props (fib_semantics.c, IPv4) RTA_MAX DoS |
37120 | Linux Kernel dn_fib_props (dn_fib.c, DECNet) RTA_MAX DoS |
35303 | Multiple OS IPv6 Type 0 Route Headers DoS |
34741 | Linux Kernel net/ipv4/fib_frontend.c nl_fib_lookup Function DoS |
34365 | Linux Kernel net/ipv6/tcp_ipv6.c ipv6_fl_socklist Function Local DoS |
33028 | Linux Kernel conntrack IPv6 Packet Reassembly Ruleset Bypass The Linux Kernel contains a flaw that may allows a remote attacker to bypass certain netfilter rulesets. The issue is due to the 'nf_conntrack' function not copying 'nfctinfo' information resulting in IPv6 fragments are treated as established and could allow an attacker to bypass a ruleset that accepts established packets. |
33027 | Linux Kernel net/netfilter/nfnetlink_log.c Crafted Packet Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0436.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0347.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070516_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070611_kernel_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070625_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071203_kernel_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4186.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0347.nasl - Type : ACT_GATHER_INFO |
2009-01-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0001.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1504.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1503.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4929.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4185.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-464-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-486-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-489-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-508-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote SuSE system is missing the security patch kernel-4193. File : suse_kernel-4193.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-3760.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-3128.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-171.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1363.nasl - Type : ACT_GATHER_INFO |
2007-08-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1356.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0672.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
2007-06-21 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_10.nasl - Type : ACT_GATHER_INFO |
2007-06-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1304.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0436.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0436.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0347.nasl - Type : ACT_GATHER_INFO |
2007-05-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1289.nasl - Type : ACT_GATHER_INFO |
2007-05-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1286.nasl - Type : ACT_GATHER_INFO |
2007-05-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-482.nasl - Type : ACT_GATHER_INFO |
2007-05-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-483.nasl - Type : ACT_GATHER_INFO |
2007-04-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-078.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:39 |
|