Executive Summary

Summary
Title kernel security and bug fix update
Informations
Name RHSA-2007:0099 First vendor Publication 2007-03-14
Vendor RedHat Last vendor Modification 2007-03-14
Severity (Vendor) Important Revision 02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the key serial number collision avoidance algorithm of the keyctl subsystem that allowed a local user to cause a denial of service (CVE-2007-0006, Important)

* a flaw in the Omnikey CardMan 4040 driver that allowed a local user to execute arbitrary code with kernel privileges. In order to exploit this issue, the Omnikey CardMan 4040 PCMCIA card must be present and the local user must have access rights to the character device created by the driver. (CVE-2007-0005, Moderate)

* a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)

In addition to the security issues described above, a fix for a kernel panic in the powernow-k8 module, and a fix for a kernel panic when booting the Xen domain-0 on system with large memory installations have been included.

Red Hat would like to thank Daniel Roethlisberger for reporting an issue fixed in this erratum.

Red Hat Enterprise Linux 5 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229883 - CVE-2007-0006 Key serial number collision problem 229884 - CVE-2007-0005 Buffer Overflow in Omnikey CardMan 4040 cmx driver 229885 - CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2007-0099.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10343
 
Oval ID: oval:org.mitre.oval:def:10343
Title: Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
Description: Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0958
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11238
 
Oval ID: oval:org.mitre.oval:def:11238
Title: Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.
Description: Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0005
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22319
 
Oval ID: oval:org.mitre.oval:def:22319
Title: ELSA-2007:0099: kernel security and bug fix update (Important)
Description: Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
Family: unix Class: patch
Reference(s): ELSA-2007:0099-02
CVE-2007-0005
CVE-2007-0006
CVE-2007-0958
 Version: 17
Platform(s): Oracle Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9829
 
Oval ID: oval:org.mitre.oval:def:9829
Title: The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
Description: The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
Family: unix Class: vulnerability
Reference(s): CVE-2007-0006
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Os 873

ExploitDB Exploits

id Description
2007-04-06 Man Command -H Flag Local Buffer Overflow Vulnerability
2007-03-09 Linux Omnikey Cardman 4040 driver Local Buffer Overflow Exploit PoC

OpenVAS Exploits

Date Description
2009-04-09 Name : Mandriva Update for kernel MDKSA-2007:078 (kernel)
File : nvt/gb_mandriva_MDKSA_2007_078.nasl
2009-04-09 Name : Mandriva Update for kernel MDKSA-2007:060 (kernel)
File : nvt/gb_mandriva_MDKSA_2007_060.nasl
2009-04-09 Name : Mandriva Update for kernel MDKSA-2007:047 (kernel)
File : nvt/gb_mandriva_MDKSA_2007_047.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.15 vulnerability USN-489-1
File : nvt/gb_ubuntu_USN_489_1.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-486-1
File : nvt/gb_ubuntu_USN_486_1.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.15/2.6.17 vulnerabilities USN-451-1
File : nvt/gb_ubuntu_USN_451_1.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-483
File : nvt/gb_fedora_2007_483_kernel_fc5.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-599
File : nvt/gb_fedora_2007_599_kernel_fc5.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-433
File : nvt/gb_fedora_2007_433_kernel_fc5.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-336
File : nvt/gb_fedora_2007_336_kernel_fc5.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-335
File : nvt/gb_fedora_2007_335_kernel_fc6.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-277
File : nvt/gb_fedora_2007_277_kernel_fc5.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-226
File : nvt/gb_fedora_2007_226_kernel_fc6.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-225
File : nvt/gb_fedora_2007_225_kernel_fc5.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:021
File : nvt/gb_suse_2007_021.nasl
2008-01-17 Name : Debian Security Advisory DSA 1286-1 (linux-2.6)
File : nvt/deb_1286_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1304-1 (kernel-source-2.6.8)
File : nvt/deb_1304_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
35930 Linux Kernel PT_INTERP Forced Core Dump Arbitrary Restricted Binary Access
33032 Linux Kernel Interpreter (PT_INTERP) Functionality Arbitrary Binary Read Access
33023 Linux Kernel Omnikey CardMan 4040 Driver Multiple Handler Local Overflow

A local overflow exists in the Omnikey CardMan 4040 linux drivers. The issue is due to a boundary error in the read() and write() functions. With a specially crafted request, an attacker with write permissions to a cmx device file can cause a denial of service and possibly execute arbitrary code on the system resulting in a loss of integrity.
33021 Linux Kernel key_alloc_serial() Function Key Serial Number Collision Avoidanc...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0488.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0085.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070625_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-489-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-486-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-451-1.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-2705.nasl - Type : ACT_GATHER_INFO
2007-06-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO
2007-06-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO
2007-06-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1304.nasl - Type : ACT_GATHER_INFO
2007-05-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0099.nasl - Type : ACT_GATHER_INFO
2007-05-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1286.nasl - Type : ACT_GATHER_INFO
2007-04-05 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-078.nasl - Type : ACT_GATHER_INFO
2007-03-16 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-336.nasl - Type : ACT_GATHER_INFO
2007-03-16 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-335.nasl - Type : ACT_GATHER_INFO
2007-03-12 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-060.nasl - Type : ACT_GATHER_INFO
2007-02-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0085.nasl - Type : ACT_GATHER_INFO
2007-02-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0085.nasl - Type : ACT_GATHER_INFO
2007-02-22 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-047.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:50:29
  • Multiple Updates