Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-518-1 | First vendor Publication | 2007-09-25 |
Vendor | Ubuntu | Last vendor Modification | 2007-09-25 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: After a standard system upgrade you need to reboot your computer to affect the necessary changes. Details follow: Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. (CVE-2007-3731) It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. (CVE-2007-3739) It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. (CVE-2007-3740) Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges. (CVE-2007-4573) |
Original Source
Url : http://www.ubuntu.com/usn/USN-518-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-264 | Permissions, Privileges, and Access Controls |
20 % | CWE-399 | Resource Management Errors |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10394 | |||
Oval ID: | oval:org.mitre.oval:def:10394 | ||
Title: | The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function. | ||
Description: | The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3731 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21705 | |||
Oval ID: | oval:org.mitre.oval:def:21705 | ||
Title: | ELSA-2007:0936: kernel security update (Important) | ||
Description: | The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0936-01 CVE-2007-4573 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-12-09 | Name : Mandriva Update for kernel MDVSA-2010:247 (kernel) File : nvt/gb_mandriva_MDVSA_2010_247.nasl |
2010-10-19 | Name : Mandriva Update for kernel MDVSA-2010:198 (kernel) File : nvt/gb_mandriva_MDVSA_2010_198.nasl |
2010-09-27 | Name : Mandriva Update for kernel MDVSA-2010:188 (kernel) File : nvt/gb_mandriva_MDVSA_2010_188.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5020541.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:195 (kernel) File : nvt/gb_mandriva_MDKSA_2007_195.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:105 (kernel) File : nvt/gb_mandriva_MDVSA_2008_105.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15/17/20 vulnerabilities USN-518-1 File : nvt/gb_ubuntu_USN_518_1.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2007:1049-01 File : nvt/gb_RHSA-2007_1049-01_kernel.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1049 centos3 x86_64 File : nvt/gb_CESA-2007_1049_kernel_centos3_x86_64.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-2298 File : nvt/gb_fedora_2007_2298_kernel_fc7.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1049 centos3 i386 File : nvt/gb_CESA-2007_1049_kernel_centos3_i386.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:053 File : nvt/gb_suse_2007_053.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:064 File : nvt/gb_suse_2007_064.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1504-1 (kernel-source-2.6.8 (2.6.8-17sarge1)) File : nvt/deb_1504_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1378-1 (linux-2.6) File : nvt/deb_1378_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1381-2 (linux-2.6) File : nvt/deb_1381_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1381-1 (linux-2.6) File : nvt/deb_1381_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1378-2 (linux-2.6) File : nvt/deb_1378_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40597 | Linux Kernel CIFS Filesystem Process umask Local Privilege Escalation |
37287 | Linux Kernel on x86_64 IA32 System Call Emulation %RAX Register Local Privile... |
37286 | Linux Kernel Invalid LDT Segment Selector Local DoS |
37285 | Linux hugetlb Kernel on PowerPC mm/mmap.c Stack Expansion Local DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0936.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0940.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0937.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0938.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070927_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071203_kernel_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071101_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071022_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4745.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4472.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-247.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-198.nasl - Type : ACT_GATHER_INFO |
2010-09-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-188.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0940.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-105.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1504.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4929.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4752.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4471.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4741.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-518-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2298.nasl - Type : ACT_GATHER_INFO |
2007-11-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0940.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-195.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4473.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4487.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4503.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0936.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0937.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0938.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1381.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1378.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0938.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0937.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0936.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-712.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:38 |
|