7.8 - CVE-2007-5501

Executive Summary

Informations
Name	CVE-2007-5501	First vendor Publication	2007-11-15
Vendor	Cve	Last vendor Modification	2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5501

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17735

Oval ID:	oval:org.mitre.oval:def:17735
Title:	USN-558-1 -- linux-source-2.6.17/20/22 vulnerabilities
Description:	The minix filesystem did not properly validate certain filesystem values.
Family:	unix	Class:	patch
Reference(s):	USN-558-1 CVE-2006-6058 CVE-2007-4133 CVE-2007-4567 CVE-2007-4849 CVE-2007-4997 CVE-2007-5093 CVE-2007-5500 CVE-2007-5501	Version:	7
Platform(s):	Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	linux-source-2.6.17 linux-source-2.6.20 linux-source-2.6.22
Definition Synopsis:
Release section Ubuntu 6.10 is installed Packages match section linux-image-2.6.17-12-386 DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-generic DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-hppa32 DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-hppa64 DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-itanium DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-mckinley DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-powerpc DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-powerpc-smp DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-powerpc64-smp DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-server DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-server-bigiron DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-sparc64 DPKG is earlier than 2.6.17.1-12.42 AND linux-image-2.6.17-12-sparc64-smp DPKG is earlier than 2.6.17.1-12.42 AND Release section Ubuntu 7.04 is installed Packages match section linux-image-2.6.20-16-386 DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-generic DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-hppa32 DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-hppa64 DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-itanium DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-lowlatency DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-mckinley DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-powerpc DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-powerpc-smp DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-powerpc64-smp DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-server DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-server-bigiron DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-sparc64 DPKG is earlier than 2.6.20-16.33 AND linux-image-2.6.20-16-sparc64-smp DPKG is earlier than 2.6.20-16.33 AND Release section Ubuntu 7.10 is installed Packages match section linux-image-2.6.22-14-386 DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-cell DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-generic DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-hppa32 DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-hppa64 DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-itanium DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-lpia DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-lpiacompat DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-mckinley DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-powerpc DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-powerpc-smp DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-powerpc64-smp DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-rt DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-server DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-sparc64 DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-sparc64-smp DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-ume DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-virtual DPKG is earlier than 2.6.22-14.47 AND linux-image-2.6.22-14-xen DPKG is earlier than 2.6.22-14.47

CPE : Common Platform Enumeration

Type	Description	Count
Os	Linux Linux Kernel cpe:2.3:o:linux:linux_kernel:2.6.24:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.23.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:rc8:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:rc9:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:rc7:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.23:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.22.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.22:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.21:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.20:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.19:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.18:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.17:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.16:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.15:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.14:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.22:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.22:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.22:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.22:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.22:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.22:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.22:rc7:::::: cpe:2.3:o:linux:linux_kernel:2.6.21.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.21:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.21:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.21:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.21:rc7:::::: cpe:2.3:o:linux:linux_kernel:2.6.21:rc1::::::	64

OpenVAS Exploits

Date	Description
2009-04-09	Name : Mandriva Update for kernel MDVSA-2008:044 (kernel) File : nvt/gb_mandriva_MDVSA_2008_044.nasl
2009-03-23	Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-558-1 File : nvt/gb_ubuntu_USN_558_1.nasl
2009-03-23	Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-574-1 File : nvt/gb_ubuntu_USN_574_1.nasl
2009-02-27	Name : Fedora Update for kernel FEDORA-2007-3751 File : nvt/gb_fedora_2007_3751_kernel_fc7.nasl
2009-02-27	Name : Fedora Update for kernel FEDORA-2007-3837 File : nvt/gb_fedora_2007_3837_kernel_fc8.nasl
2009-02-27	Name : Fedora Update for kernel FEDORA-2007-759 File : nvt/gb_fedora_2007_759_kernel_fc6.nasl
2009-01-28	Name : SuSE Update for kernel SUSE-SA:2007:063 File : nvt/gb_suse_2007_063.nasl
2009-01-23	Name : SuSE Update for kernel-rt SUSE-SA:2008:013 File : nvt/gb_suse_2008_013.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
39245	Linux Kernel net/ipv4/tcp_input.c tcp_sacktag_write_queue Function Crafted AC...

Nessus® Vulnerability Scanner

Date	Description
2009-04-23	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-226.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-044.nasl - Type : ACT_GATHER_INFO
2008-02-05	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-574-1.nasl - Type : ACT_GATHER_INFO
2007-12-19	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-558-1.nasl - Type : ACT_GATHER_INFO
2007-12-11	Name : The remote Fedora host is missing a security update. File : fedora_2007-3751.nasl - Type : ACT_GATHER_INFO
2007-12-11	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-759.nasl - Type : ACT_GATHER_INFO
2007-12-07	Name : The remote openSUSE host is missing a security update. File : suse_kernel-4749.nasl - Type : ACT_GATHER_INFO
2007-12-04	Name : The remote Fedora host is missing a security update. File : fedora_2007-3837.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/26474
CONFIRM	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc3 https://issues.rpath.com/browse/RPL-1965
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2007-December/msg0003... https://www.redhat.com/archives/fedora-package-announce/2007-December/msg0017... https://www.redhat.com/archives/fedora-package-announce/2007-December/msg0030...
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
MISC	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
MLIST	http://lwn.net/Articles/258947/
SECUNIA	http://secunia.com/advisories/27664 http://secunia.com/advisories/27703 http://secunia.com/advisories/27888 http://secunia.com/advisories/27919 http://secunia.com/advisories/27922 http://secunia.com/advisories/28170 http://secunia.com/advisories/28706 http://secunia.com/advisories/29245
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html http://www.novell.com/linux/security/advisories/2007_63_kernel.html
UBUNTU	http://www.ubuntu.com/usn/usn-558-1 http://www.ubuntu.com/usn/usn-574-1
VUPEN	http://www.vupen.com/english/advisories/2007/3902
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/38548

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:07:31	Multiple Updates
2024-02-01 12:02:27	Multiple Updates
2023-09-05 12:07:01	Multiple Updates
2023-09-05 01:02:18	Multiple Updates
2023-09-02 12:07:07	Multiple Updates
2023-09-02 01:02:19	Multiple Updates
2023-08-12 12:08:17	Multiple Updates
2023-08-12 01:02:19	Multiple Updates
2023-08-11 12:07:10	Multiple Updates
2023-08-11 01:02:23	Multiple Updates
2023-08-06 12:06:51	Multiple Updates
2023-08-06 01:02:20	Multiple Updates
2023-08-04 12:06:56	Multiple Updates
2023-08-04 01:02:23	Multiple Updates
2023-07-14 12:06:55	Multiple Updates
2023-07-14 01:02:20	Multiple Updates
2023-03-29 01:07:46	Multiple Updates
2023-03-28 12:02:26	Multiple Updates
2023-02-13 09:29:25	Multiple Updates
2022-10-11 12:06:08	Multiple Updates
2022-10-11 01:02:11	Multiple Updates
2021-05-04 12:06:33	Multiple Updates
2021-04-22 01:07:05	Multiple Updates
2020-05-23 00:20:38	Multiple Updates
2017-07-29 12:02:37	Multiple Updates
2016-04-26 16:43:11	Multiple Updates
2014-02-17 10:42:10	Multiple Updates
2013-05-11 10:39:46	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	64
Sources(s)	24
osvdb(s)	1
Openvas Exploit(s)	8
Nessus® Exploit(s)	8

	Related
7.8	USN-574-1
7.8	USN-558-1
7.8	MDVSA-2008:044
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

7.8 - CVE-2007-5501

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU