CVE-2007-1000
5.7 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
0.4%
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | le | 2.6.20.1 |
References
bugzilla.kernel.org/show_bug.cgi?id=8134
fedoranews.org/cms/node/2787
fedoranews.org/cms/node/2788
lists.suse.com/archive/suse-security-announce/2007-May/0001.html
secunia.com/advisories/24493
secunia.com/advisories/24518
secunia.com/advisories/24777
secunia.com/advisories/24901
secunia.com/advisories/25080
secunia.com/advisories/25099
secunia.com/advisories/25691
secunia.com/advisories/26133
secunia.com/advisories/26139
www.kb.cert.org/vuls/id/920689
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2
www.mandriva.com/security/advisories?name=MDKSA-2007:078
www.osvdb.org/33025
www.redhat.com/support/errata/RHSA-2007-0169.html
www.securityfocus.com/archive/1/471457
www.securityfocus.com/bid/22904
www.ubuntu.com/usn/usn-486-1
www.ubuntu.com/usn/usn-489-1
www.vupen.com/english/advisories/2007/0907
www.wslabi.com/wabisabilabi/initPublishedBid.do?
issues.rpath.com/browse/RPL-1153
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10015
Social References
More
Related
5.7 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
0.4%