Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-509-1 | First vendor Publication | 2007-08-31 |
Vendor | Ubuntu | Last vendor Modification | 2007-08-31 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 1.5 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.10: After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: A flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104) A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional privileges. (CVE-2007-3105) A flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. (CVE-2007-3513) It was discovered that certain setuid-root processes did not correctly reset process death signal handlers. A local user could manipulate this to send signals to processes they would not normally have access to. (CVE-2007-3848) The Direct Rendering Manager for the i915 driver could be made to write to arbitrary memory locations. An attacker with access to a running X11 session could send a specially crafted buffer and gain root privileges. (CVE-2007-3851) It was discovered that the aacraid SCSI driver did not correctly check permissions on certain ioctls. A local attacker could cause a denial of service or gain privileges. (CVE-2007-4308) |
Original Source
Url : http://www.ubuntu.com/usn/USN-509-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-399 | Resource Management Errors |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10371 | |||
Oval ID: | oval:org.mitre.oval:def:10371 | ||
Title: | Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. | ||
Description: | Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3105 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11196 | |||
Oval ID: | oval:org.mitre.oval:def:11196 | ||
Title: | The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. | ||
Description: | The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3851 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18865 | |||
Oval ID: | oval:org.mitre.oval:def:18865 | ||
Title: | DSA-1356-1 linux-2.6 - several vulnerabilities | ||
Description: | Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1356-1 CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525 CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848 CVE-2007-3851 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20520 | |||
Oval ID: | oval:org.mitre.oval:def:20520 | ||
Title: | DSA-1363-1 linux-2.6 | ||
Description: | Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1363-1 CVE-2007-2172 CVE-2007-2875 CVE-2007-3105 CVE-2007-3843 CVE-2007-4308 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9883 | |||
Oval ID: | oval:org.mitre.oval:def:9883 | ||
Title: | The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). | ||
Description: | The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3513 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for kernel CESA-2009:0001-01 centos2 i386 File : nvt/gb_CESA-2009_0001-01_kernel_centos2_i386.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5023071.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5020541.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:105 (kernel) File : nvt/gb_mandriva_MDVSA_2008_105.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:195 (kernel) File : nvt/gb_mandriva_MDKSA_2007_195.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-510-1 File : nvt/gb_ubuntu_USN_510_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-509-1 File : nvt/gb_ubuntu_USN_509_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-508-1 File : nvt/gb_ubuntu_USN_508_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerability USN-489-1 File : nvt/gb_ubuntu_USN_489_1.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0089-01 File : nvt/gb_RHSA-2008_0089-01_kernel.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2007:1049-01 File : nvt/gb_RHSA-2007_1049-01_kernel.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-1785 File : nvt/gb_fedora_2007_1785_kernel_fc7.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-679 File : nvt/gb_fedora_2007_679_kernel_fc6.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1049 centos3 x86_64 File : nvt/gb_CESA-2007_1049_kernel_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1049 centos3 i386 File : nvt/gb_CESA-2007_1049_kernel_centos3_i386.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0001-01 (kernel) File : nvt/ovcesa2009_0001_01.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:051 File : nvt/gb_suse_2007_051.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:053 File : nvt/gb_suse_2007_053.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:064 File : nvt/gb_suse_2007_064.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:017 File : nvt/gb_suse_2008_017.nasl |
2009-01-13 | Name : RedHat Security Advisory RHSA-2009:0001 File : nvt/RHSA_2009_0001.nasl |
2009-01-07 | Name : RedHat Security Advisory RHSA-2008:0787 File : nvt/RHSA_2008_0787.nasl |
2008-03-11 | Name : Debian Security Advisory DSA 1503-2 (kernel-source-2.4.27 (2.4.27-10sarge7)) File : nvt/deb_1503_2.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1504-1 (kernel-source-2.6.8 (2.6.8-17sarge1)) File : nvt/deb_1504_1.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1503-1 (kernel-source-2.4.27 (2.4.27-10sarge6)) File : nvt/deb_1503_1.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1428-1 (linux-2.6) File : nvt/deb_1428_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1428-2 (linux-2.6) File : nvt/deb_1428_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1363-1 (linux-2.6) File : nvt/deb_1363_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1356-1 (linux-2.6) File : nvt/deb_1356_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37289 | Linux Kernel PR_SET_PDEATHSIG Local Privilege Escalation |
37288 | Linux Kernel Random Number Generator (RNG) Default Wakeup Threshold Manipulat... |
37124 | Linux Kernel drm/i915 Component Crafted batchbuffer Local Privilege Escalation |
37122 | Linux Kernel AACRAID Driver IOCTL Multiple Function Local Privilege Escalation |
37116 | Linux Kernel USBLCD Driver (drivers/usb/misc/usblcd.c) lcd_write Function Loc... |
37115 | Linux Kernel on Red Hat Enterprise sysfs_readdir() Function Local DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2008-2005.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0940.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080123_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071203_kernel_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071101_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071022_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070625_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4745.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4186.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0940.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0003.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-105.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2009-01-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0001.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1504.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1503.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4929.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4752.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4185.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4741.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1428.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-508-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-489-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-509-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-510-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1785.nasl - Type : ACT_GATHER_INFO |
2007-11-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-195.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0940.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4487.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote SuSE system is missing the security patch kernel-4193. File : suse_kernel-4193.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-679.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1363.nasl - Type : ACT_GATHER_INFO |
2007-08-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1356.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:36 |
|