Executive Summary
Summary | |
---|---|
Title | New Linux 2.6.18 packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1479 | First vendor Publication | 2008-01-29 |
Vendor | Debian | Last vendor Modification | 2008-01-29 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
CVE-2007-2878 Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel. CVE-2007-4571 Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel. CVE-2007-6151 ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory leading by issuing ioctls with unterminated data. CVE-2008-0001 Bill Roman of Datalight noticed a coding error in the linux VFS subsystem that, under certain conditions, can allow local users to remove directories for which they should not have removal privileges. These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-17etch1. We recommend that you upgrade your kernel packages immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. |
Original Source
Url : http://www.debian.org/security/2008/dsa-1479 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18435 | |||
Oval ID: | oval:org.mitre.oval:def:18435 | ||
Title: | DSA-1505-1 alsa-driver alsa-modules-i386 - kernel memory leak | ||
Description: | Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel (<a href="http://security-tracker.debian.org/tracker/CVE-2007-4571">CVE-2007-4571</a>). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1505-1 CVE-2007-4571 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | alsa-driver |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18770 | |||
Oval ID: | oval:org.mitre.oval:def:18770 | ||
Title: | DSA-1479-1 linux-2.6 | ||
Description: | Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1479-1 CVE-2007-2878 CVE-2007-4571 CVE-2007-6151 CVE-2008-0001 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2007-09-21 | Linux Kernel 2.6.x ALSA snd-page-alloc Local Proc File Information Disclosure... |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for kernel CESA-2009:0001-01 centos2 i386 File : nvt/gb_CESA-2009_0001-01_kernel_centos2_i386.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5023071.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5020541.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:044 (kernel) File : nvt/gb_mandriva_MDVSA_2008_044.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:112 (kernel) File : nvt/gb_mandriva_MDVSA_2008_112.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-574-1 File : nvt/gb_ubuntu_USN_574_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15/20/22 vulnerabilities USN-618-1 File : nvt/gb_ubuntu_USN_618_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-486-1 File : nvt/gb_ubuntu_USN_486_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerability USN-489-1 File : nvt/gb_ubuntu_USN_489_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-578-1 File : nvt/gb_ubuntu_USN_578_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-510-1 File : nvt/gb_ubuntu_USN_510_1.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2007:0993-01 File : nvt/gb_RHSA-2007_0993-01_kernel.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0055-01 File : nvt/gb_RHSA-2008_0055-01_kernel.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0089-01 File : nvt/gb_RHSA-2008_0089-01_kernel.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0211-01 File : nvt/gb_RHSA-2008_0211-01_kernel.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0055 centos4 i386 File : nvt/gb_CESA-2008_0055_kernel_centos4_i386.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-714 File : nvt/gb_fedora_2007_714_kernel_fc6.nasl |
2009-02-27 | Name : Fedora Update for kernel FEDORA-2007-2349 File : nvt/gb_fedora_2007_2349_kernel_fc7.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0211 centos3 x86_64 File : nvt/gb_CESA-2008_0211_kernel_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0211 centos3 i386 File : nvt/gb_CESA-2008_0211_kernel_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0055 centos4 x86_64 File : nvt/gb_CESA-2008_0055_kernel_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for kernel FEDORA-2008-0748 File : nvt/gb_fedora_2008_0748_kernel_fc8.nasl |
2009-02-17 | Name : Fedora Update for kernel FEDORA-2008-0984 File : nvt/gb_fedora_2008_0984_kernel_fc8.nasl |
2009-02-17 | Name : Fedora Update for kernel FEDORA-2008-0958 File : nvt/gb_fedora_2008_0958_kernel_fc7.nasl |
2009-02-17 | Name : Fedora Update for kernel FEDORA-2008-0742 File : nvt/gb_fedora_2008_0742_kernel_fc7.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0001-01 (kernel) File : nvt/ovcesa2009_0001_01.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:053 File : nvt/gb_suse_2007_053.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:007 File : nvt/gb_suse_2008_007.nasl |
2009-01-23 | Name : SuSE Update for kernel-rt SUSE-SA:2008:013 File : nvt/gb_suse_2008_013.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:017 File : nvt/gb_suse_2008_017.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:032 File : nvt/gb_suse_2008_032.nasl |
2009-01-13 | Name : RedHat Security Advisory RHSA-2009:0001 File : nvt/RHSA_2009_0001.nasl |
2009-01-07 | Name : RedHat Security Advisory RHSA-2008:0787 File : nvt/RHSA_2008_0787.nasl |
2008-03-11 | Name : Debian Security Advisory DSA 1503-2 (kernel-source-2.4.27 (2.4.27-10sarge7)) File : nvt/deb_1503_2.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1505-1 (alsa-driver) File : nvt/deb_1505_1.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1504-1 (kernel-source-2.6.8 (2.6.8-17sarge1)) File : nvt/deb_1504_1.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1503-1 (kernel-source-2.4.27 (2.4.27-10sarge6)) File : nvt/deb_1503_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40913 | Linux Kernel isdn_common.c isdn_ioctl Function Local Overflow DoS |
40910 | Linux Kernel VFS Arbitrary Directory Truncation |
39234 | Linux Kernel ALSA sound/core/memalloc.c snd_mem_proc_read() Function Arbitrar... |
35926 | Linux Kernel VFAT Compat IOCTLs Unspecified Local DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2008-2005.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0993.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0055.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0211.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080131_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071101_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071129_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080123_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080507_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4472.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4938.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-5370.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0011.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-044.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-112.nasl - Type : ACT_GATHER_INFO |
2009-01-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0001.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-5375.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-618-1.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0211.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0211.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1503.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1505.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1504.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-578-1.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4987.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0984.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4970.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4935.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-574-1.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0055.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0742.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0055.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4929.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4941.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4943.nasl - Type : ACT_GATHER_INFO |
2008-01-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1479.nasl - Type : ACT_GATHER_INFO |
2008-01-29 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0958.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0748.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0089.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4471.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0993.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-486-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-489-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-510-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2349.nasl - Type : ACT_GATHER_INFO |
2007-11-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0939.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4503.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4487.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4473.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-714.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0705.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:17 |
|