CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS2: 7.1 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS: 0.056 Low
Percentile: 93.2%
CentOS Errata and Security Advisory CESA-2006:0710
The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the security issues described
below:
* a flaw in the IPC shared-memory implementation that allowed a local user
  to cause a denial of service (deadlock) that resulted in freezing the
  system (CVE-2006-4342, Important)
* an information leak in the copy_from_user() implementation on s390 and
  s390x platforms that allowed a local user to read arbitrary kernel memory
  (CVE-2006-5174, Important)
* a flaw in the ATM subsystem affecting systems with installed ATM
  hardware and configured ATM support that allowed a remote user to cause
  a denial of service (panic) by accessing socket buffer memory after it
  has been freed (CVE-2006-4997, Moderate)
* a directory traversal vulnerability in smbfs that allowed a local user
  to escape chroot restrictions for an SMB-mounted filesystem via “…\”
  sequences (CVE-2006-1864, Moderate)
* a flaw in the mprotect system call that allowed enabling write permission
  for a read-only attachment of shared memory (CVE-2006-2071, Moderate)
* a flaw in the DVD handling of the CDROM driver that could be used
  together with a custom built USB device to gain root privileges
  (CVE-2006-2935, Moderate)
In addition to the security issues described above, a bug fix for a clock
skew problem (which could lead to unintended keyboard repeat under X11)
was also included. The problem only occurred when running the 32-bit x86
kernel on 64-bit dual-core x86_64 hardware.
Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.
All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-October/075494.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075495.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075496.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075497.html
Affected packages:
kernel
kernel-BOOT
kernel-doc
kernel-hugemem
kernel-hugemem-unsupported
kernel-smp
kernel-smp-unsupported
kernel-source
kernel-unsupported
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0710
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | ia64 | kernel | < 2.4.21-47.0.1.EL | kernel-2.4.21-47.0.1.EL.ia64.rpm |
CentOS | 3 | ia64 | kernel-doc | < 2.4.21-47.0.1.EL | kernel-doc-2.4.21-47.0.1.EL.ia64.rpm |
CentOS | 3 | ia64 | kernel-source | < 2.4.21-47.0.1.EL | kernel-source-2.4.21-47.0.1.EL.ia64.rpm |
CentOS | 3 | ia64 | kernel-unsupported | < 2.4.21-47.0.1.EL | kernel-unsupported-2.4.21-47.0.1.EL.ia64.rpm |
CentOS | 3 | i586 | kernel | < 2.4.21-47.0.1.EL | kernel-2.4.21-47.0.1.EL.i586.rpm |
CentOS | 3 | i686 | kernel | < 2.4.21-47.0.1.EL | kernel-2.4.21-47.0.1.EL.i686.rpm |
CentOS | 3 | i386 | kernel-boot | < 2.4.21-47.0.1.EL | kernel-BOOT-2.4.21-47.0.1.EL.i386.rpm |
CentOS | 3 | i386 | kernel-doc | < 2.4.21-47.0.1.EL | kernel-doc-2.4.21-47.0.1.EL.i386.rpm |
CentOS | 3 | i686 | kernel-hugemem | < 2.4.21-47.0.1.EL | kernel-hugemem-2.4.21-47.0.1.EL.i686.rpm |
CentOS | 3 | i686 | kernel-hugemem-unsupported | < 2.4.21-47.0.1.EL | kernel-hugemem-unsupported-2.4.21-47.0.1.EL.i686.rpm |
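
One way to check hosts against the fixed build listed in the table above, as an added example that is not part of the advisory. It uses a simplified rpm-style version comparison (no epoch, `~` or `^` handling); the function names and the sample query output are constructed for illustration.

```python
import re

# Fixed build (version-release) and affected package names, both from this advisory.
FIXED = "2.4.21-47.0.1.EL"
AFFECTED = {"kernel", "kernel-BOOT", "kernel-doc", "kernel-hugemem",
            "kernel-hugemem-unsupported", "kernel-smp", "kernel-smp-unsupported",
            "kernel-source", "kernel-unsupported"}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does
    (simplified: no '~' or '^' handling). Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_vulnerable(version_release, fixed=FIXED):
    """True when an installed build is older than the fixed build."""
    ver, _, rel = version_release.partition("-")
    fver, _, frel = fixed.partition("-")
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0

def audit(query_output):
    """Return (name, version-release) pairs that still need the update."""
    findings = []
    for line in query_output.splitlines():
        name, _, vr = line.strip().partition(" ")
        if name in AFFECTED and is_vulnerable(vr):
            findings.append((name, vr))
    return findings

# Constructed sample of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <packages>
SAMPLE = """kernel 2.4.21-47.EL
kernel-smp 2.4.21-47.0.1.EL
kernel-hugemem 2.4.21-9.EL
bash 2.05b-41.7"""

if __name__ == "__main__":
    for name, vr in audit(SAMPLE):
        print(f"{name} {vr} is older than {FIXED}")
```

A plain string comparison would rank `9.EL` above `47.0.1.EL`, which is why the segment-wise comparison matters here. An updated package only takes effect after a reboot into the new kernel, so compare `uname -r` against the fixed build as well.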