Executive Summary
Summary | |
---|---|
Title | New Linux 2.6.18 packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1428 | First vendor Publication | 2007-12-11 |
Vendor | Debian | Last vendor Modification | 2007-12-11 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: This is an update to DSA 1428-1 which omitted a reference to CVE-2007-5904. CVE-2007-3104 Eric Sandeen provided a backport of Tejun Heo's fix for a local denial of service vulnerability in sysfs. Under memory pressure, a dentry structure maybe reclaimed resulting in a bad pointer dereference causing an oops during a readdir. CVE-2007-4997 Chris Evans discovered an issue with certain drivers that make use of the Linux kernel's ieee80211 layer. A remote user could generate a malicious 802.11 frame that could result in a denial of service (crash). The ipw2100 driver is known to be affected by this issue, while the ipw2200 is believed not to be. CVE-2007-5500 Scott James Remnant diagnosed a coding error in the implementation of ptrace which could be used by a local user to cause the kernel to enter an infinite loop. CVE-2007-5904 Przemyslaw Wegrzyn discovered an issue in the CIFS filesystem that could allow a malicious server to cause a denial of service (crash) by overflowing a buffer. These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch5. The following matrix lists additional packages that were rebuilt for compatability with or to take advantage of this update: Debian 4.0 (etch) fai-kernels 1.17+etch.13etch5 user-mode-linux 2.6.18-1um-2etch.13etch5 We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. |
Original Source
Url : http://www.debian.org/security/2007/dsa-1428 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20179 | |||
Oval ID: | oval:org.mitre.oval:def:20179 | ||
Title: | DSA-1428-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities | ||
Description: | Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1428-1 CVE-2007-3104 CVE-2007-4997 CVE-2007-5500 CVE-2007-5904 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 fai-kernels user-mode-linux |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9868 | |||
Oval ID: | oval:org.mitre.oval:def:9868 | ||
Title: | The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||
Description: | The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5500 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5023071.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:044 (kernel) File : nvt/gb_mandriva_MDVSA_2008_044.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:112 (kernel) File : nvt/gb_mandriva_MDVSA_2008_112.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:105 (kernel) File : nvt/gb_mandriva_MDVSA_2008_105.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:232 (kernel) File : nvt/gb_mandriva_MDKSA_2007_232.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:226 (kernel) File : nvt/gb_mandriva_MDKSA_2007_226.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-508-1 File : nvt/gb_ubuntu_USN_508_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-509-1 File : nvt/gb_ubuntu_USN_509_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-510-1 File : nvt/gb_ubuntu_USN_510_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-558-1 File : nvt/gb_ubuntu_USN_558_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-574-1 File : nvt/gb_ubuntu_USN_574_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-578-1 File : nvt/gb_ubuntu_USN_578_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15/20/22 vulnerabilities USN-618-1 File : nvt/gb_ubuntu_USN_618_1.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2007:0993-01 File : nvt/gb_RHSA-2007_0993-01_kernel.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2007:1104-01 File : nvt/gb_RHSA-2007_1104-01_kernel.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0055-01 File : nvt/gb_RHSA-2008_0055-01_kernel.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0089-01 File : nvt/gb_RHSA-2008_0089-01_kernel.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0167-01 File : nvt/gb_RHSA-2008_0167-01_kernel.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0055 centos4 i386 File : nvt/gb_CESA-2008_0055_kernel_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0167 centos4 i386 File : nvt/gb_CESA-2008_0167_kernel_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1104 centos4 i386 File : nvt/gb_CESA-2007_1104_kernel_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1104 centos4 x86_64 File : nvt/gb_CESA-2007_1104_kernel_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0055 centos4 x86_64 File : nvt/gb_CESA-2008_0055_kernel_centos4_x86_64.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-759 File : nvt/gb_fedora_2007_759_kernel_fc6.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-3837 File : nvt/gb_fedora_2007_3837_kernel_fc8.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-3751 File : nvt/gb_fedora_2007_3751_kernel_fc7.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0167 centos4 x86_64 File : nvt/gb_CESA-2008_0167_kernel_centos4_x86_64.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:059 File : nvt/gb_suse_2007_059.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:064 File : nvt/gb_suse_2007_064.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:063 File : nvt/gb_suse_2007_063.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:032 File : nvt/gb_suse_2008_032.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:030 File : nvt/gb_suse_2008_030.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:017 File : nvt/gb_suse_2008_017.nasl |
2009-01-23 | Name : SuSE Update for kernel-rt SUSE-SA:2008:013 File : nvt/gb_suse_2008_013.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1428-1 (linux-2.6) File : nvt/deb_1428_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1428-2 (linux-2.6) File : nvt/deb_1428_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39246 | Linux Kernel wait_task_stopped Function Local DoS |
39238 | Linux Kernel CIFS VFS SendReceive() Function SMB Response Remote Overflow |
39236 | Linux Kernel net/ieee80211/ieee80211_rx.c ieee80211_rx() Function Remote DoS |
37115 | Linux Kernel on Red Hat Enterprise sysfs_readdir() Function Local DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2008-2005.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0167.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0055.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1104.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0993.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070625_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071129_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071219_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080123_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080131_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080314_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4745.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-5370.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-112.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-105.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-044.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-232.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-5375.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-5336.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-618-1.nasl - Type : ACT_GATHER_INFO |
2008-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0167.nasl - Type : ACT_GATHER_INFO |
2008-03-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0167.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-578-1.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0055.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-574-1.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0055.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4929.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4752.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1104.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1104.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-558-1.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4741.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-759.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3751.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1428.nasl - Type : ACT_GATHER_INFO |
2007-12-07 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4749.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3837.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0993.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4641.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-508-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-509-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-510-1.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:05 |
|