ID: CENTOS_RHSA-2007-0347.NASL
Type: nessus
Reporter: Tenable
Modified: 2016-11-17T00:00:00
Description
Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the following security issues:
* a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).
* a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).
* a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).
* a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).
* a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important).
* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).
In addition to the security issues described above, fixes for the following have been included:
* a regression in ipv6 routing.
* an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.
* the nmi watchdog timeout was updated from 5 to 30 seconds.
* a flaw in distributed lock management that could result in errors during virtual machine migration.
* an omitted include in kernel-headers that led to compile failures for some packages.
Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0347 and
# CentOS Errata and Security Advisory 2007:0347 respectively.
#
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

# Plugin metadata, registered when the scanner loads the script in description mode.
if (description)
{
  script_id(43641);
  script_version("$Revision: 1.10 $");
  script_cvs_date("$Date: 2016/11/17 20:59:08 $");

  script_cve_id("CVE-2007-1496", "CVE-2007-1497", "CVE-2007-1592", "CVE-2007-1861", "CVE-2007-2172", "CVE-2007-2242");
  script_bugtraq_id(23104, 23615);
  script_osvdb_id(34365, 35303, 37120, 37121, 107978);
  script_xref(name:"RHSA", value:"2007:0347");

  script_name(english:"CentOS 5 : kernel (CESA-2007:0347)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated kernel packages that fix security issues and bugs in the Red
Hat Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security
issues :

* a flaw in the handling of IPv6 type 0 routing headers that allowed
remote users to cause a denial of service that led to a network
amplification between two routers (CVE-2007-2242, Important).

* a flaw in the nfnetlink_log netfilter module that allowed a local
user to cause a denial of service (CVE-2007-1496, Important).

* a flaw in the flow list of listening IPv6 sockets that allowed a
local user to cause a denial of service (CVE-2007-1592, Important).

* a flaw in the handling of netlink messages that allowed a local user
to cause a denial of service (infinite recursion) (CVE-2007-1861,
Important).

* a flaw in the IPv4 forwarding base that allowed a local user to
cause an out-of-bounds access (CVE-2007-2172, Important).

* a flaw in the nf_conntrack netfilter module for IPv6 that allowed
remote users to bypass certain netfilter rules using IPv6 fragments
(CVE-2007-1497, Moderate).

In addition to the security issues described above, fixes for the
following have been included :

* a regression in ipv6 routing.

* an error in memory initialization that caused gdb to output
inaccurate backtraces on ia64.

* the nmi watchdog timeout was updated from 5 to 30 seconds.

* a flaw in distributed lock management that could result in errors
during virtual machine migration.

* an omitted include in kernel-headers that led to compile failures
for some packages.

Red Hat Enterprise Linux 5 users are advised to upgrade to these
packages, which contain backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.centos.org/pipermail/centos-announce/2007-May/013802.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.centos.org/pipermail/centos-announce/2007-May/013803.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 119, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Stop unless local checks are enabled and the host is CentOS with a collected RPM list.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# Compare each installed kernel package against the fixed build 2.6.18-8.1.4.el5.
flag = 0;
if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-8.1.4.el5")) flag++;
if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-8.1.4.el5")) flag++;
if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-8.1.4.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-8.1.4.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-8.1.4.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-8.1.4.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-8.1.4.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-8.1.4.el5")) flag++;

# Report the finding if any package check matched; otherwise record the host as not affected.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "CENTOS_RHSA-2007-0347.NASL", "bulletinFamily": "scanner", "title": "CentOS 5 : kernel (CESA-2007:0347)", "description": "Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security issues :\n\n* a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).\n\n* a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).\n\n* a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).\n\n* a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).\n\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important).\n\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n* a regression in ipv6 routing.\n\n* an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.\n\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n* a flaw in distributed lock management that could result in errors during virtual machine migration.\n\n* an omitted include in kernel-headers that led to compile failures for some packages.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain 
backported patches to correct these issues.", "published": "2010-01-06T00:00:00", "modified": "2016-11-17T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43641", "reporter": "Tenable", "references": ["http://lists.centos.org/pipermail/centos-announce/2007-May/013802.html", "http://lists.centos.org/pipermail/centos-announce/2007-May/013803.html"], "cvelist": ["CVE-2007-2172", "CVE-2007-1496", "CVE-2007-2242", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1861"], "type": "nessus", "lastseen": "2017-10-29T13:34:06", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2007-2172", "CVE-2007-1496", "CVE-2007-2242", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1861"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security issues :\n\n* a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).\n\n* a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).\n\n* a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).\n\n* a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).\n\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds 
access (CVE-2007-2172, Important).\n\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n* a regression in ipv6 routing.\n\n* an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.\n\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n* a flaw in distributed lock management that could result in errors during virtual machine migration.\n\n* an omitted include in kernel-headers that led to compile failures for some packages.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.", "edition": 1, "hash": "2b73a699ce370bdeb1439826d751d749aa4cee15f6df1d7ce322ad6c5d0c53f5", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "1f84da787227d8b8b0515b15bd737b93", "key": "href"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e4fa0d6e7b91160bbfbde038a2ba4b4f", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "849c9648ebd21592e69b9d0c9d74afc3", "key": "cvelist"}, {"hash": "5e059bbce84327a1ba30d252ae176f99", "key": "sourceData"}, {"hash": "0d688e008e4a1e600d546a55cb9e276f", "key": "references"}, {"hash": "13f4c3ea99a9d71a729f1d00e5b614d9", "key": "modified"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5db413912b703e46bc1aaee48504bfae", "key": "pluginID"}, {"hash": "b104209ad59eaacc00869fe5db796a74", "key": "description"}, {"hash": "fd5b0ac2be0f5feddb6b303186cd9f6f", "key": "published"}], "history": [], "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=43641", "id": "CENTOS_RHSA-2007-0347.NASL", "lastseen": "2016-09-26T17:23:25", "modified": "2016-05-04T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "43641", "published": "2010-01-06T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2007-May/013802.html", "http://lists.centos.org/pipermail/centos-announce/2007-May/013803.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0347 and \n# CentOS Errata and Security Advisory 2007:0347 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43641);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/05/04 14:30:41 $\");\n\n script_cve_id(\"CVE-2007-1496\", \"CVE-2007-1497\", \"CVE-2007-1592\", \"CVE-2007-1861\", \"CVE-2007-2172\", \"CVE-2007-2242\");\n script_bugtraq_id(23104, 23615);\n script_osvdb_id(34365, 35303, 37120, 37121, 107978);\n script_xref(name:\"RHSA\", value:\"2007:0347\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2007:0347)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix security issues and bugs in the Red\nHat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security\nissues :\n\n* a flaw in the handling of IPv6 type 0 routing headers that 
allowed\nremote users to cause a denial of service that led to a network\namplification between two routers (CVE-2007-2242, Important).\n\n* a flaw in the nfnetlink_log netfilter module that allowed a local\nuser to cause a denial of service (CVE-2007-1496, Important).\n\n* a flaw in the flow list of listening IPv6 sockets that allowed a\nlocal user to cause a denial of service (CVE-2007-1592, Important).\n\n* a flaw in the handling of netlink messages that allowed a local user\nto cause a denial of service (infinite recursion) (CVE-2007-1861,\nImportant).\n\n* a flaw in the IPv4 forwarding base that allowed a local user to\ncause an out-of-bounds access (CVE-2007-2172, Important).\n\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed\nremote users to bypass certain netfilter rules using IPv6 fragments\n(CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the\nfollowing have been included :\n\n* a regression in ipv6 routing.\n\n* an error in memory initialization that caused gdb to output\ninaccurate backtraces on ia64.\n\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n* a flaw in distributed lock management that could result in errors\nduring virtual machine migration.\n\n* an omitted include in kernel-headers that led to compile failures\nfor some packages.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these\npackages, which contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2007-May/013802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2007-May/013803.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) 
audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-8.1.4.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : kernel (CESA-2007:0347)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:25"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-2172", "CVE-2007-1496", "CVE-2007-2242", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1861"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating 
system.\n\nThese new kernel packages contain fixes for the following security issues :\n\n* a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).\n\n* a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).\n\n* a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).\n\n* a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).\n\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important).\n\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n* a regression in ipv6 routing.\n\n* an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.\n\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n* a flaw in distributed lock management that could result in errors during virtual machine migration.\n\n* an omitted include in kernel-headers that led to compile failures for some packages.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.", "edition": 2, "enchantments": {}, "hash": "8bc95fcb00eccd8d12cbf34618053f25709fe80e8a2c52d0ce92223f73608f70", "hashmap": [{"hash": "77fc6a6e95dee9a1e4d3726560063eef", "key": "modified"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "1f84da787227d8b8b0515b15bd737b93", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": 
"reporter"}, {"hash": "e4fa0d6e7b91160bbfbde038a2ba4b4f", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "849c9648ebd21592e69b9d0c9d74afc3", "key": "cvelist"}, {"hash": "0d688e008e4a1e600d546a55cb9e276f", "key": "references"}, {"hash": "2aa7fa9c39a02fd1f36c1077a0d1671e", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5db413912b703e46bc1aaee48504bfae", "key": "pluginID"}, {"hash": "b104209ad59eaacc00869fe5db796a74", "key": "description"}, {"hash": "fd5b0ac2be0f5feddb6b303186cd9f6f", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=43641", "id": "CENTOS_RHSA-2007-0347.NASL", "lastseen": "2016-11-18T05:24:19", "modified": "2016-11-17T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "43641", "published": "2010-01-06T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2007-May/013802.html", "http://lists.centos.org/pipermail/centos-announce/2007-May/013803.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0347 and \n# CentOS Errata and Security Advisory 2007:0347 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43641);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/11/17 20:59:08 $\");\n\n script_cve_id(\"CVE-2007-1496\", \"CVE-2007-1497\", \"CVE-2007-1592\", \"CVE-2007-1861\", \"CVE-2007-2172\", \"CVE-2007-2242\");\n script_bugtraq_id(23104, 23615);\n script_osvdb_id(34365, 35303, 37120, 37121, 107978);\n script_xref(name:\"RHSA\", value:\"2007:0347\");\n\n script_name(english:\"CentOS 
5 : kernel (CESA-2007:0347)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix security issues and bugs in the Red\nHat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security\nissues :\n\n* a flaw in the handling of IPv6 type 0 routing headers that allowed\nremote users to cause a denial of service that led to a network\namplification between two routers (CVE-2007-2242, Important).\n\n* a flaw in the nfnetlink_log netfilter module that allowed a local\nuser to cause a denial of service (CVE-2007-1496, Important).\n\n* a flaw in the flow list of listening IPv6 sockets that allowed a\nlocal user to cause a denial of service (CVE-2007-1592, Important).\n\n* a flaw in the handling of netlink messages that allowed a local user\nto cause a denial of service (infinite recursion) (CVE-2007-1861,\nImportant).\n\n* a flaw in the IPv4 forwarding base that allowed a local user to\ncause an out-of-bounds access (CVE-2007-2172, Important).\n\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed\nremote users to bypass certain netfilter rules using IPv6 fragments\n(CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the\nfollowing have been included :\n\n* a regression in ipv6 routing.\n\n* an error in memory initialization that caused gdb to output\ninaccurate backtraces on ia64.\n\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n* a flaw in distributed lock management that could result in errors\nduring virtual machine 
migration.\n\n* an omitted include in kernel-headers that led to compile failures\nfor some packages.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these\npackages, which contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2007-May/013802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2007-May/013803.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-8.1.4.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : kernel 
(CESA-2007:0347)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-11-18T05:24:19"}], "edition": 3, "hash": "869df9d8652329770d616eaddc43e67d9ec48374990fb1900f27eed560ff0eb9", "viewCount": 0, "enchantments": {"vulnersScore": 3.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0347 and \n# CentOS Errata and Security Advisory 2007:0347 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43641);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/11/17 20:59:08 $\");\n\n script_cve_id(\"CVE-2007-1496\", \"CVE-2007-1497\", \"CVE-2007-1592\", \"CVE-2007-1861\", \"CVE-2007-2172\", \"CVE-2007-2242\");\n script_bugtraq_id(23104, 23615);\n script_osvdb_id(34365, 35303, 37120, 37121, 107978);\n script_xref(name:\"RHSA\", 
value:\"2007:0347\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2007:0347)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix security issues and bugs in the Red\nHat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security\nissues :\n\n* a flaw in the handling of IPv6 type 0 routing headers that allowed\nremote users to cause a denial of service that led to a network\namplification between two routers (CVE-2007-2242, Important).\n\n* a flaw in the nfnetlink_log netfilter module that allowed a local\nuser to cause a denial of service (CVE-2007-1496, Important).\n\n* a flaw in the flow list of listening IPv6 sockets that allowed a\nlocal user to cause a denial of service (CVE-2007-1592, Important).\n\n* a flaw in the handling of netlink messages that allowed a local user\nto cause a denial of service (infinite recursion) (CVE-2007-1861,\nImportant).\n\n* a flaw in the IPv4 forwarding base that allowed a local user to\ncause an out-of-bounds access (CVE-2007-2172, Important).\n\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed\nremote users to bypass certain netfilter rules using IPv6 fragments\n(CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the\nfollowing have been included :\n\n* a regression in ipv6 routing.\n\n* an error in memory initialization that caused gdb to output\ninaccurate backtraces on ia64.\n\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n* a flaw in distributed lock 
management that could result in errors\nduring virtual machine migration.\n\n* an omitted include in kernel-headers that led to compile failures\nfor some packages.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these\npackages, which contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2007-May/013802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2007-May/013803.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/19\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-8.1.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-8.1.4.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "43641", "cpe": ["p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-xen-devel", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-headers", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:kernel-PAE"]}
{"result": {"cve": [{"id": "CVE-2007-2172", "type": "cve", "title": "CVE-2007-2172", "description": "A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an \"out of bound access\" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.", "published": "2007-04-22T15:19:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2172", "cvelist": ["CVE-2007-2172"], "lastseen": "2017-10-11T11:07:07"}, {"id": "CVE-2007-1496", "type": "cve", "title": "CVE-2007-1496", "description": "nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using \"multiple packets per netlink message\", and (3) bridged packets, which trigger a NULL pointer dereference.", "published": "2007-03-16T18:19:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1496", "cvelist": ["CVE-2007-1496"], "lastseen": "2017-10-11T11:07:03"}, {"id": "CVE-2007-2242", "type": "cve", "title": "CVE-2007-2242", "description": "The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.", "published": "2007-04-25T12:19:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2242", "cvelist": ["CVE-2007-2242"], "lastseen": "2017-10-11T11:07:07"}, {"id": "CVE-2007-1592", "type": "cve", "title": "CVE-2007-1592", "description": "net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the 
ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.", "published": "2007-03-22T15:19:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1592", "cvelist": ["CVE-2007-1592"], "lastseen": "2017-10-11T11:07:04"}, {"id": "CVE-2007-1497", "type": "cve", "title": "CVE-2007-1497", "description": "nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.", "published": "2007-03-16T18:19:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1497", "cvelist": ["CVE-2007-1497"], "lastseen": "2017-10-11T11:07:03"}, {"id": "CVE-2007-1861", "type": "cve", "title": "CVE-2007-1861", "description": "The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.", "published": "2007-05-07T15:19:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1861", "cvelist": ["CVE-2007-1861"], "lastseen": "2017-10-11T11:07:05"}], "osvdb": [{"id": "OSVDB:37120", "type": "osvdb", "title": "Linux Kernel dn_fib_props (dn_fib.c, DECNet) RTA_MAX DoS", "description": "## Solution Description\nUpgrade to version 2.4.35 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35\nVendor Specific News/Changelog Entry: http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg08270.html\nVendor Specific News/Changelog Entry: http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg08269.html\n[Secunia Advisory ID:26244](https://secuniaresearch.flexerasoftware.com/advisories/26244/)\n[Secunia Advisory ID:26450](https://secuniaresearch.flexerasoftware.com/advisories/26450/)\n[Secunia Advisory ID:26647](https://secuniaresearch.flexerasoftware.com/advisories/26647/)\n[Secunia Advisory ID:26620](https://secuniaresearch.flexerasoftware.com/advisories/26620/)\n[Secunia Advisory ID:26289](https://secuniaresearch.flexerasoftware.com/advisories/26289/)\n[Secunia Advisory ID:25288](https://secuniaresearch.flexerasoftware.com/advisories/25288/)\n[Secunia Advisory ID:25392](https://secuniaresearch.flexerasoftware.com/advisories/25392/)\n[Secunia Advisory ID:25838](https://secuniaresearch.flexerasoftware.com/advisories/25838/)\n[Secunia Advisory ID:25068](https://secuniaresearch.flexerasoftware.com/advisories/25068/)\n[Secunia Advisory ID:27913](https://secuniaresearch.flexerasoftware.com/advisories/27913/)\n[Related OSVDB ID: 37121](https://vulners.com/osvdb/OSVDB:37121)\nRedHat RHSA: RHSA-2007:0347\nRedHat RHSA: RHSA-2007:0488\nRedHat RHSA: RHSA-2007:1049\nOther Advisory URL: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1363\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm\nOther Advisory URL: 
http://www.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://www.ubuntu.com/usn/usn-464-1\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00125.html\nOther Advisory URL: http://www.redhat.com/support/errata/RHSA-2007-0347.html\nFrSIRT Advisory: ADV-2007-2690\n[CVE-2007-2172](https://vulners.com/cve/CVE-2007-2172)\nBugtraq ID: 23447\n", "published": "2007-07-27T18:56:49", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:37120", "cvelist": ["CVE-2007-2172"], "lastseen": "2017-04-28T13:20:33"}, {"id": "OSVDB:37121", "type": "osvdb", "title": "Linux Kernel fib_props (fib_semantics.c, IPv4) RTA_MAX DoS", "description": "## Solution Description\nUpgrade to version 2.4.35 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35\nVendor Specific News/Changelog Entry: http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg08270.html\nVendor Specific News/Changelog Entry: http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg08269.html\n[Secunia Advisory ID:26244](https://secuniaresearch.flexerasoftware.com/advisories/26244/)\n[Secunia Advisory ID:26450](https://secuniaresearch.flexerasoftware.com/advisories/26450/)\n[Secunia Advisory ID:26647](https://secuniaresearch.flexerasoftware.com/advisories/26647/)\n[Secunia Advisory ID:26620](https://secuniaresearch.flexerasoftware.com/advisories/26620/)\n[Secunia Advisory ID:26289](https://secuniaresearch.flexerasoftware.com/advisories/26289/)\n[Secunia Advisory 
ID:25068](https://secuniaresearch.flexerasoftware.com/advisories/25068/)\n[Secunia Advisory ID:25288](https://secuniaresearch.flexerasoftware.com/advisories/25288/)\n[Secunia Advisory ID:25392](https://secuniaresearch.flexerasoftware.com/advisories/25392/)\n[Secunia Advisory ID:25838](https://secuniaresearch.flexerasoftware.com/advisories/25838/)\n[Secunia Advisory ID:27913](https://secuniaresearch.flexerasoftware.com/advisories/27913/)\n[Related OSVDB ID: 37120](https://vulners.com/osvdb/OSVDB:37120)\nRedHat RHSA: RHSA-2007:0347\nRedHat RHSA: RHSA-2007:0488\nRedHat RHSA: RHSA-2007:1049\nOther Advisory URL: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1363\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://www.ubuntu.com/usn/usn-464-1\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00125.html\nOther Advisory URL: http://www.redhat.com/support/errata/RHSA-2007-0347.html\nFrSIRT Advisory: ADV-2007-2690\n[CVE-2007-2172](https://vulners.com/cve/CVE-2007-2172)\nBugtraq ID: 23447\n", "published": "2007-07-27T18:56:49", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:37121", "cvelist": ["CVE-2007-2172"], "lastseen": "2017-04-28T13:20:33"}, {"id": "OSVDB:33027", "type": "osvdb", "title": "Linux Kernel net/netfilter/nfnetlink_log.c Crafted Packet Remote DoS", "description": "## Solution Description\nUpgrade to version 2.6.20.3 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3\n[Secunia Advisory ID:24492](https://secuniaresearch.flexerasoftware.com/advisories/24492/)\n[Secunia Advisory ID:25961](https://secuniaresearch.flexerasoftware.com/advisories/25961/)\n[Secunia Advisory ID:26620](https://secuniaresearch.flexerasoftware.com/advisories/26620/)\n[Secunia Advisory ID:25228](https://secuniaresearch.flexerasoftware.com/advisories/25228/)\n[Secunia Advisory ID:25392](https://secuniaresearch.flexerasoftware.com/advisories/25392/)\n[Related OSVDB ID: 33028](https://vulners.com/osvdb/OSVDB:33028)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00005.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://www.ubuntu.com/usn/usn-464-1\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1289\nFrSIRT Advisory: ADV-2007-0944\n[CVE-2007-1496](https://vulners.com/cve/CVE-2007-1496)\nBugtraq ID: 22946\n", "published": "2007-03-07T10:33:59", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:33027", "cvelist": ["CVE-2007-1496"], "lastseen": "2017-04-28T13:20:29"}, {"id": "OSVDB:35303", "type": "osvdb", "title": "Multiple OS IPv6 Type 0 Route Headers DoS", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc)\n[Vendor Specific Advisory URL](http://openbsd.org/errata39.html#022_route6)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=305712)\n[Vendor Specific Advisory URL](http://openbsd.org/errata40.html#012_route6)\n[Secunia Advisory ID:26133](https://secuniaresearch.flexerasoftware.com/advisories/26133/)\n[Secunia Advisory 
ID:25083](https://secuniaresearch.flexerasoftware.com/advisories/25083/)\n[Secunia Advisory ID:26620](https://secuniaresearch.flexerasoftware.com/advisories/26620/)\n[Secunia Advisory ID:26703](https://secuniaresearch.flexerasoftware.com/advisories/26703/)\n[Secunia Advisory ID:24978](https://secuniaresearch.flexerasoftware.com/advisories/24978/)\n[Secunia Advisory ID:25033](https://secuniaresearch.flexerasoftware.com/advisories/25033/)\n[Secunia Advisory ID:25691](https://secuniaresearch.flexerasoftware.com/advisories/25691/)\n[Secunia Advisory ID:26651](https://secuniaresearch.flexerasoftware.com/advisories/26651/)\n[Secunia Advisory ID:25068](https://secuniaresearch.flexerasoftware.com/advisories/25068/)\n[Secunia Advisory ID:25288](https://secuniaresearch.flexerasoftware.com/advisories/25288/)\n[Secunia Advisory ID:25770](https://secuniaresearch.flexerasoftware.com/advisories/25770/)\n[Secunia Advisory ID:26664](https://secuniaresearch.flexerasoftware.com/advisories/26664/)\nRedHat RHSA: RHSA-2007:0347\nOther Advisory URL: http://www.ubuntu.com/usn/usn-486-1\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://support.novell.com/techcenter/psdb/a4e6d19f94707022b621550d1049f74e.html\nOther Advisory URL: https://issues.rpath.com/browse/RPL-1310\nOther Advisory URL: http://www.ubuntu.com/usn/usn-508-1\nOther Advisory URL: http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-May/000179.html\nOther Advisory URL: http://openbsd.org/errata40.html#012_route6\nOther Advisory URL: http://openbsd.org/errata39.html#022_route6\nOther Advisory URL: http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-June/000200.html\nOther Advisory URL: http://docs.info.apple.com/article.html?artnum=306375\nKeyword: CanSecWest 2007\nISS X-Force ID: 33851\nFrSIRT 
Advisory: ADV-2007-1563\n[CVE-2007-2242](https://vulners.com/cve/CVE-2007-2242)\nBugtraq ID: 23615\n", "published": "2007-04-24T04:48:26", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:35303", "cvelist": ["CVE-2007-2242"], "lastseen": "2017-04-28T13:20:31"}, {"id": "OSVDB:34365", "type": "osvdb", "title": "Linux Kernel net/ipv6/tcp_ipv6.c ipv6_fl_socklist Function Local DoS", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d35690beda1429544d46c8eb34b2e3a8c37ab299\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.4\n[Secunia Advisory ID:25630](https://secuniaresearch.flexerasoftware.com/advisories/25630/)\n[Secunia Advisory ID:25714](https://secuniaresearch.flexerasoftware.com/advisories/25714/)\n[Secunia Advisory ID:26379](https://secuniaresearch.flexerasoftware.com/advisories/26379/)\n[Secunia Advisory ID:25961](https://secuniaresearch.flexerasoftware.com/advisories/25961/)\n[Secunia Advisory ID:27528](https://secuniaresearch.flexerasoftware.com/advisories/27528/)\n[Secunia Advisory ID:24777](https://secuniaresearch.flexerasoftware.com/advisories/24777/)\n[Secunia Advisory ID:25099](https://secuniaresearch.flexerasoftware.com/advisories/25099/)\n[Secunia Advisory ID:25226](https://secuniaresearch.flexerasoftware.com/advisories/25226/)\n[Secunia Advisory ID:25683](https://secuniaresearch.flexerasoftware.com/advisories/25683/)\n[Secunia Advisory ID:24618](https://secuniaresearch.flexerasoftware.com/advisories/24618/)\n[Secunia Advisory ID:25078](https://secuniaresearch.flexerasoftware.com/advisories/25078/)\n[Secunia Advisory ID:25392](https://secuniaresearch.flexerasoftware.com/advisories/25392/)\nRedHat RHSA: RHSA-2007:0436\nRedHat RHSA: RHSA-2007:0672\nOther Advisory URL: 
http://www.us.debian.org/security/2007/dsa-1286\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1286\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00005.html\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0003.html\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1304\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:078\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:078\nOther Advisory URL: http://www.ubuntu.com/usn/usn-464-1\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00004.html\nMail List Post: http://marc.info/?l=linux-netdev&m=117406721731891&w=2\nISS X-Force ID: 33176\nFrSIRT Advisory: ADV-2007-1084\n[CVE-2007-1592](https://vulners.com/cve/CVE-2007-1592)\nBugtraq ID: 23104\n", "published": "2007-03-16T05:19:20", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:34365", "cvelist": ["CVE-2007-1592"], "lastseen": "2017-04-28T13:20:30"}, {"id": "OSVDB:33028", "type": "osvdb", "title": "Linux Kernel conntrack IPv6 Packet Reassembly Ruleset Bypass", "description": "## Vulnerability Description\nThe Linux Kernel contains a flaw that may allow a remote attacker to bypass certain netfilter rulesets. The issue is due to the 'nf_conntrack' function not copying 'nfctinfo' information, so that IPv6 fragments are treated as established, which could allow an attacker to bypass a ruleset that accepts established packets.\n## Solution Description\nUpgrade to version 2.6.20.3 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Short Description\nThe Linux Kernel contains a flaw that may allow a remote attacker to bypass certain netfilter rulesets. The issue is due to the 'nf_conntrack' function not copying 'nfctinfo' information, so that IPv6 fragments are treated as established, which could allow an attacker to bypass a ruleset that accepts established packets.\n## References:\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3\n[Secunia Advisory ID:24492](https://secuniaresearch.flexerasoftware.com/advisories/24492/)\n[Secunia Advisory ID:25961](https://secuniaresearch.flexerasoftware.com/advisories/25961/)\n[Secunia Advisory ID:26620](https://secuniaresearch.flexerasoftware.com/advisories/26620/)\n[Secunia Advisory ID:25228](https://secuniaresearch.flexerasoftware.com/advisories/25228/)\n[Secunia Advisory ID:25392](https://secuniaresearch.flexerasoftware.com/advisories/25392/)\n[Related OSVDB ID: 33027](https://vulners.com/osvdb/OSVDB:33027)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00005.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://www.ubuntu.com/usn/usn-464-1\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1289\nFrSIRT Advisory: ADV-2007-0944\n[CVE-2007-1497](https://vulners.com/cve/CVE-2007-1497)\n", "published": "2007-03-07T10:33:59", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:33028", "cvelist": ["CVE-2007-1497"], "lastseen": "2017-04-28T13:20:29"}, {"id": "OSVDB:34741", "type": "osvdb", "title": "Linux Kernel net/ipv4/fib_frontend.c nl_fib_lookup Function DoS", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.8\n[Secunia Advisory 
ID:26133](https://secuniaresearch.flexerasoftware.com/advisories/26133/)\n[Secunia Advisory ID:25083](https://secuniaresearch.flexerasoftware.com/advisories/25083/)\n[Secunia Advisory ID:25961](https://secuniaresearch.flexerasoftware.com/advisories/25961/)\n[Secunia Advisory ID:26620](https://secuniaresearch.flexerasoftware.com/advisories/26620/)\n[Secunia Advisory ID:25691](https://secuniaresearch.flexerasoftware.com/advisories/25691/)\n[Secunia Advisory ID:26139](https://secuniaresearch.flexerasoftware.com/advisories/26139/)\n[Secunia Advisory ID:25030](https://secuniaresearch.flexerasoftware.com/advisories/25030/)\n[Secunia Advisory ID:25228](https://secuniaresearch.flexerasoftware.com/advisories/25228/)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00005.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-486-1\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-May/000179.html\nOther Advisory URL: https://issues.rpath.com/browse/RPL-1309\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1289\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-June/000200.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-489-1\nFrSIRT Advisory: ADV-2007-1595\n[CVE-2007-1861](https://vulners.com/cve/CVE-2007-1861)\nBugtraq ID: 23677\n", "published": "2007-04-25T04:18:58", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:34741", "cvelist": ["CVE-2007-1861"], "lastseen": "2017-04-28T13:20:30"}], "debian": [{"id": "DSA-1363", "type": "debian", "title": "linux-2.6 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. 
The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-2172](<https://security-tracker.debian.org/tracker/CVE-2007-2172>)\n\nThomas Graf reported a typo in the IPv4 protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). The DECnet counterpart of this issue was already fixed in DSA-1356.\n\n * [CVE-2007-2875](<https://security-tracker.debian.org/tracker/CVE-2007-2875>)\n\niDefense reported a potential integer underflow in the cpuset filesystem which may permit local attackers to gain access to sensitive kernel memory. This vulnerability is only exploitable if the cpuset filesystem is mounted.\n\n * [CVE-2007-3105](<https://security-tracker.debian.org/tracker/CVE-2007-3105>)\n\nThe PaX Team discovered a potential buffer overflow in the random number generator which may permit local users to cause a denial of service or gain additional privileges. This issue is not believed to affect default Debian installations where only root has sufficient privileges to exploit it.\n\n * [CVE-2007-3843](<https://security-tracker.debian.org/tracker/CVE-2007-3843>)\n\nA coding error in the CIFS subsystem permits the use of unsigned messages even if the client has configured the system to enforce signing by passing the sec=ntlmv2i mount option. 
This may allow remote attackers to spoof CIFS network traffic.\n\n * [CVE-2007-4308](<https://security-tracker.debian.org/tracker/CVE-2007-4308>)\n\nAlan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges.\n\nThese problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch2.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 4.0 (etch) \n---|--- \nfai-kernels | 1.17+etch5 \nuser-mode-linux | 2.6.18-1um-2etch4 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.", "published": "2007-08-31T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1363", "cvelist": ["CVE-2007-2172", "CVE-2007-3105", "CVE-2007-3843", "CVE-2007-2875"], "lastseen": "2016-09-02T18:21:08"}, {"id": "DSA-1356", "type": "debian", "title": "linux-2.6 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-1353](<https://security-tracker.debian.org/tracker/CVE-2007-1353>)\n\nIlja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. 
This could be used by local attackers to read the contents of sensitive kernel memory.\n\n * [CVE-2007-2172](<https://security-tracker.debian.org/tracker/CVE-2007-2172>)\n\nThomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update.\n\n * [CVE-2007-2453](<https://security-tracker.debian.org/tracker/CVE-2007-2453>)\n\nA couple of issues with random number generation were discovered. Slightly less random numbers resulted from hashing a subset of the available entropy. Zero-entropy systems were seeded with the same inputs at boot time, resulting in repeatable series of random numbers.\n\n * [CVE-2007-2525](<https://security-tracker.debian.org/tracker/CVE-2007-2525>)\n\nFlorian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory.\n\n * [CVE-2007-2876](<https://security-tracker.debian.org/tracker/CVE-2007-2876>)\n\nVilmos Nebehaj discovered a NULL pointer dereference condition in the netfilter subsystem. This allows remote systems which communicate using the SCTP protocol to crash a system by creating a connection with an unknown chunk type.\n\n * [CVE-2007-3513](<https://security-tracker.debian.org/tracker/CVE-2007-3513>)\n\nOliver Neukum reported an issue in the usblcd driver which, by not limiting the size of write buffers, permits local users with write access to trigger a DoS by consuming all available memory.\n\n * [CVE-2007-3642](<https://security-tracker.debian.org/tracker/CVE-2007-3642>)\n\nZhongling Wen reported an issue in nf_conntrack_h323 where the lack of range checking may lead to NULL pointer dereferences. 
Remote attackers could exploit this to create a DoS condition (system crash).\n\n * [CVE-2007-3848](<https://security-tracker.debian.org/tracker/CVE-2007-3848>)\n\nWojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries.\n\n * [CVE-2007-3851](<https://security-tracker.debian.org/tracker/CVE-2007-3851>)\n\nDave Airlie reported that Intel 965 and above chipsets have relocated their batch buffer security bits. Local X server users may exploit this to write user data to arbitrary physical memory addresses.\n\nThese problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch1.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 4.0 (etch) \n---|--- \nfai-kernels | 1.17+etch4 \nuser-mode-linux | 2.6.18-1um-2etch3 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.", "published": "2007-08-15T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1356", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-1353", "CVE-2007-3851", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-3642", "CVE-2007-2525"], "lastseen": "2016-09-02T18:32:28"}, {"id": "DSA-1504", "type": "debian", "title": "kernel-source-2.6.8 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. 
The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2006-5823](<https://security-tracker.debian.org/tracker/CVE-2006-5823>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem.\n\n * [CVE-2006-6054](<https://security-tracker.debian.org/tracker/CVE-2006-6054>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem.\n\n * [CVE-2006-6058](<https://security-tracker.debian.org/tracker/CVE-2006-6058>)\n\nLMH reported an issue in the minix filesystem that allows local users with mount privileges to create a DoS (printk flood) by mounting a specially crafted corrupt filesystem.\n\n * [CVE-2006-7203](<https://security-tracker.debian.org/tracker/CVE-2006-7203>)\n\nOpenVZ Linux kernel team reported an issue in the smbfs filesystem which can be exploited by local users to cause a DoS (oops) during mount.\n\n * [CVE-2007-1353](<https://security-tracker.debian.org/tracker/CVE-2007-1353>)\n\nIlja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory.\n\n * [CVE-2007-2172](<https://security-tracker.debian.org/tracker/CVE-2007-2172>)\n\nThomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update.\n\n * [CVE-2007-2525](<https://security-tracker.debian.org/tracker/CVE-2007-2525>)\n\nFlorian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. 
This could be used by a local user to DoS a system by consuming all available memory.\n\n * [CVE-2007-3105](<https://security-tracker.debian.org/tracker/CVE-2007-3105>)\n\nThe PaX Team discovered a potential buffer overflow in the random number generator which may permit local users to cause a denial of service or gain additional privileges. This issue is not believed to affect default Debian installations where only root has sufficient privileges to exploit it.\n\n * [CVE-2007-3739](<https://security-tracker.debian.org/tracker/CVE-2007-3739>)\n\nAdam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages.\n\n * [CVE-2007-3740](<https://security-tracker.debian.org/tracker/CVE-2007-3740>)\n\nSteve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions.\n\n * [CVE-2007-3848](<https://security-tracker.debian.org/tracker/CVE-2007-3848>)\n\nWojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries.\n\n * [CVE-2007-4133](<https://security-tracker.debian.org/tracker/CVE-2007-4133>)\n\nHugh Dickins discovered a potential local DoS (panic) in hugetlbfs. A misconversion of hugetlb_vmtruncate_list to prio_tree may allow local users to trigger a BUG_ON() call in exit_mmap.\n\n * [CVE-2007-4308](<https://security-tracker.debian.org/tracker/CVE-2007-4308>)\n\nAlan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges.\n\n * [CVE-2007-4573](<https://security-tracker.debian.org/tracker/CVE-2007-4573>)\n\nWojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. 
This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavour.\n\n * [CVE-2007-5093](<https://security-tracker.debian.org/tracker/CVE-2007-5093>)\n\nAlex Smith discovered an issue with the pwc driver for certain webcam devices. If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince a user with local access to remove the device on their behalf.\n\n * [CVE-2007-6063](<https://security-tracker.debian.org/tracker/CVE-2007-6063>)\n\nVenustech AD-LAB discovered a buffer overflow in the isdn ioctl handling, exploitable by a local user.\n\n * [CVE-2007-6151](<https://security-tracker.debian.org/tracker/CVE-2007-6151>)\n\nADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.\n\n * [CVE-2007-6206](<https://security-tracker.debian.org/tracker/CVE-2007-6206>)\n\nBlake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information.\n\n * [CVE-2007-6694](<https://security-tracker.debian.org/tracker/CVE-2007-6694>)\n\nCyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS).\n\n * [CVE-2008-0007](<https://security-tracker.debian.org/tracker/CVE-2008-0007>)\n\nNick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. 
This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 3.1 (sarge) \n---|--- \nkernel-image-2.6.8-alpha | 2.6.8-17sarge1 \nkernel-image-2.6.8-amd64 | 2.6.8-17sarge1 \nkernel-image-2.6.8-hppa | 2.6.8-7sarge1 \nkernel-image-2.6.8-i386 | 2.6.8-17sarge1 \nkernel-image-2.6.8-ia64 | 2.6.8-15sarge1 \nkernel-image-2.6.8-m68k | 2.6.8-5sarge1 \nkernel-image-2.6.8-s390 | 2.6.8-6sarge1 \nkernel-image-2.6.8-sparc | 2.6.8-16sarge1 \nkernel-patch-powerpc-2.6.8 | 2.6.8-13sarge1 \nfai-kernels | 1.9.1sarge8 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.", "published": "2008-02-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1504", "cvelist": ["CVE-2007-4573", "CVE-2007-2172", "CVE-2006-6054", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-4133", "CVE-2007-3105", "CVE-2007-6151", "CVE-2007-5093", "CVE-2007-4308", "CVE-2008-0007", "CVE-2007-6206", "CVE-2007-3740", "CVE-2006-5823", "CVE-2007-6694", "CVE-2006-6058", "CVE-2007-2525", "CVE-2007-6063"], "lastseen": "2016-09-02T18:21:34"}, {"id": "DSA-1503", "type": "debian", "title": "kernel-source-2.4.27 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. 
The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2004-2731](<https://security-tracker.debian.org/tracker/CVE-2004-2731>)\n\ninfamous41md reported multiple integer overflows in the Sbus PROM driver that would allow for a DoS (Denial of Service) attack by a local user, and possibly the execution of arbitrary code.\n\n * [CVE-2006-4814](<https://security-tracker.debian.org/tracker/CVE-2006-4814>)\n\nDoug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling.\n\n * [CVE-2006-5753](<https://security-tracker.debian.org/tracker/CVE-2006-5753>)\n\nEric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad.\n\n * [CVE-2006-5823](<https://security-tracker.debian.org/tracker/CVE-2006-5823>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem.\n\n * [CVE-2006-6053](<https://security-tracker.debian.org/tracker/CVE-2006-6053>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem.\n\n * [CVE-2006-6054](<https://security-tracker.debian.org/tracker/CVE-2006-6054>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem.\n\n * [CVE-2006-6106](<https://security-tracker.debian.org/tracker/CVE-2006-6106>)\n\nMarcel Holtman discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code.\n\n * [CVE-2007-1353](<https://security-tracker.debian.org/tracker/CVE-2007-1353>)\n\nIlja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack 
buffer. This could be used by local attackers to read the contents of sensitive kernel memory.\n\n * [CVE-2007-1592](<https://security-tracker.debian.org/tracker/CVE-2007-1592>)\n\nMasayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops).\n\n * [CVE-2007-2172](<https://security-tracker.debian.org/tracker/CVE-2007-2172>)\n\nThomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update.\n\n * [CVE-2007-2525](<https://security-tracker.debian.org/tracker/CVE-2007-2525>)\n\nFlorian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory.\n\n * [CVE-2007-3848](<https://security-tracker.debian.org/tracker/CVE-2007-3848>)\n\nWojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries.\n\n * [CVE-2007-4308](<https://security-tracker.debian.org/tracker/CVE-2007-4308>)\n\nAlan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges.\n\n * [CVE-2007-4311](<https://security-tracker.debian.org/tracker/CVE-2007-4311>)\n\nPaX team discovered an issue in the random driver where a defect in the reseeding code leads to a reduction in entropy.\n\n * [CVE-2007-5093](<https://security-tracker.debian.org/tracker/CVE-2007-5093>)\n\nAlex Smith discovered an issue with the pwc driver for certain webcam devices. 
If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince a user with local access to remove the device on their behalf.\n\n * [CVE-2007-6063](<https://security-tracker.debian.org/tracker/CVE-2007-6063>)\n\nVenustech AD-LAB discovered a buffer overflow in the isdn ioctl handling, exploitable by a local user.\n\n * [CVE-2007-6151](<https://security-tracker.debian.org/tracker/CVE-2007-6151>)\n\nADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.\n\n * [CVE-2007-6206](<https://security-tracker.debian.org/tracker/CVE-2007-6206>)\n\nBlake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information.\n\n * [CVE-2007-6694](<https://security-tracker.debian.org/tracker/CVE-2007-6694>)\n\nCyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS).\n\n * [CVE-2008-0007](<https://security-tracker.debian.org/tracker/CVE-2008-0007>)\n\nNick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. 
This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 3.1 (sarge) \n---|--- \nalsa-modules-i386 | 1.0.8+2sarge2 \nkernel-image-2.4.27-arm | 2.4.27-2sarge6 \nkernel-image-2.4.27-m68k | 2.4.27-3sarge6 \nkernel-image-speakup-i386 | 2.4.27-1.1sarge5 \nkernel-image-2.4.27-alpha | 2.4.27-10sarge6 \nkernel-image-2.4.27-s390 | 2.4.27-2sarge6 \nkernel-image-2.4.27-sparc | 2.4.27-9sarge6 \nkernel-image-2.4.27-i386 | 2.4.27-10sarge6 \nkernel-image-2.4.27-ia64 | 2.4.27-10sarge6 \nkernel-patch-2.4.27-mips | 2.4.27-10.sarge4.040815-3 \nkernel-patch-powerpc-2.4.27| 2.4.27-10sarge6 \nkernel-latest-2.4-alpha | 101sarge3 \nkernel-latest-2.4-i386 | 101sarge2 \nkernel-latest-2.4-s390 | 2.4.27-1sarge2 \nkernel-latest-2.4-sparc | 42sarge3 \ni2c | 1:2.9.1-1sarge2 \nlm-sensors | 1:2.9.1-1sarge4 \nmindi-kernel | 2.4.27-2sarge5 \npcmcia-modules-2.4.27-i386 | 3.2.5+2sarge2 \nhostap-modules-i386 | 1:0.3.7-1sarge3 \nsystemimager | 3.2.3-6sarge5 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. 
If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.", "published": "2008-02-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1503", "cvelist": ["CVE-2007-2172", "CVE-2006-6054", "CVE-2007-3848", "CVE-2007-4311", "CVE-2007-1353", "CVE-2006-4814", "CVE-2007-6151", "CVE-2004-2731", "CVE-2006-6106", "CVE-2007-5093", "CVE-2007-4308", "CVE-2008-0007", "CVE-2007-1592", "CVE-2006-6053", "CVE-2007-6206", "CVE-2006-5753", "CVE-2006-5823", "CVE-2007-6694", "CVE-2007-2525", "CVE-2007-6063"], "lastseen": "2016-09-02T18:30:06"}, {"id": "DSA-1289", "type": "debian", "title": "linux-2.6 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-1496](<https://security-tracker.debian.org/tracker/CVE-2007-1496>)\n\nMichal Miroslaw reported a DoS vulnerability (crash) in netfilter. A remote attacker can cause a NULL pointer dereference in the nfnetlink_log function.\n\n * [CVE-2007-1497](<https://security-tracker.debian.org/tracker/CVE-2007-1497>)\n\nPatrick McHardy reported a vulnerability in netfilter that may allow attackers to bypass certain firewall rules. The nfctinfo value of reassembled IPv6 packet fragments was incorrectly initialized to 0 which allowed these packets to become tracked as ESTABLISHED.\n\n * [CVE-2007-1861](<https://security-tracker.debian.org/tracker/CVE-2007-1861>)\n\nJaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packages were incorrectly routed back to the kernel resulting in an infinite recursion condition. 
Local users can exploit this behavior to cause a DoS (crash).\n\nFor the stable distribution (etch) these problems have been fixed in version 2.6.18.dfsg.1-12etch2.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 4.0 (etch) \n---|--- \nfai-kernels | 1.17+etch2 \nuser-mode-linux | 2.6.18-1um-2etch2 \nkernel-patch-openvz| 028.18.1etch1 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.", "published": "2007-05-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://www.debian.org/security/dsa-1289", "cvelist": ["CVE-2007-1496", "CVE-2007-1497", "CVE-2007-1861"], "lastseen": "2016-09-02T18:28:25"}, {"id": "DSA-1286", "type": "debian", "title": "linux-2.6 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-0005](<https://security-tracker.debian.org/tracker/CVE-2007-0005>)\n\nDaniel Roethlisberger discovered two buffer overflows in the cm4040 driver for the Omnikey CardMan 4040 device. A local user or malicious device could exploit this to execute arbitrary code in kernel space.\n\n * [CVE-2007-0958](<https://security-tracker.debian.org/tracker/CVE-2007-0958>)\n\nSantosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. 
This is related to [CVE-2004-1073](<https://security-tracker.debian.org/tracker/CVE-2004-1073>).\n\n * [CVE-2007-1357](<https://security-tracker.debian.org/tracker/CVE-2007-1357>)\n\nJean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame.\n\n * [CVE-2007-1592](<https://security-tracker.debian.org/tracker/CVE-2007-1592>)\n\nMasayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops).\n\nThis problem has been fixed in the stable distribution in version 2.6.18.dfsg.1-12etch1.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 4.0 (etch) \n---|--- \nfai-kernels | 1.17etch1 \nuser-mode-linux | 2.6.18-1um-2etch1 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.\n\nUpdated packages for the mips and mipsel architectures are not yet available. 
They will be provided later.", "published": "2007-05-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1286", "cvelist": ["CVE-2007-1592", "CVE-2007-0958", "CVE-2007-0005", "CVE-2007-1357"], "lastseen": "2016-09-02T18:29:12"}], "nessus": [{"id": "CENTOS_RHSA-2007-1049.NASL", "type": "nessus", "title": "CentOS 3 : kernel (CESA-2007:1049)", "description": "Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 3 kernel are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nA flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.\n(CVE-2007-3848, Important)\n\nA flaw was found in the IPv4 forwarding base. This allowed a local user to cause a denial of service. (CVE-2007-2172, Important)\n\nA flaw was found where a corrupted executable file could cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. (CVE-2006-4538, Moderate)\n\nA flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)\n\nA flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)\n\nAs well, these updated packages fix the following bug :\n\n* a bug in the TCP header prediction code may have caused 'TCP:\nTreason uncloaked!' messages to be logged. 
In certain situations this may have led to TCP connections hanging or aborting.\n\nRed Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2007-12-04T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29190", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2017-10-29T13:38:55"}, {"id": "SL_20071203_KERNEL_ON_SL3.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL3.x i386/x86_64", "description": "A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.\n(CVE-2007-3848, Important)\n\nA flaw was found in the IPv4 forwarding base. This allowed a local user to cause a denial of service. (CVE-2007-2172, Important)\n\nA flaw was found where a corrupted executable file could cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. (CVE-2006-4538, Moderate)\n\nA flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)\n\nA flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)\n\nAs well, these updated packages fix the following bug :\n\n - a bug in the TCP header prediction code may have caused 'TCP: Treason uncloaked!' messages to be logged. 
In certain situations this may have led to TCP connections hanging or aborting.", "published": "2012-08-01T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60321", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2017-10-29T13:45:52"}, {"id": "DEBIAN_DSA-1363.NASL", "type": "nessus", "title": "Debian DSA-1363-1 : linux-2.6 - several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-2172 Thomas Graf reported a typo in the IPv4 protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). The DECnet counterpart of this issue was already fixed in DSA-1356.\n\n - CVE-2007-2875 iDefense reported a potential integer underflow in the cpuset filesystem which may permit local attackers to gain access to sensitive kernel memory. This vulnerability is only exploitable if the cpuset filesystem is mounted.\n\n - CVE-2007-3105 The PaX Team discovered a potential buffer overflow in the random number generator which may permit local users to cause a denial of service or gain additional privileges. This issue is not believed to affect default Debian installations where only root has sufficient privileges to exploit it.\n\n - CVE-2007-3843 A coding error in the CIFS subsystem permits the use of unsigned messages even if the client has configured the system to enforce signing by passing the sec=ntlmv2i mount option. 
This may allow remote attackers to spoof CIFS network traffic.\n\n - CVE-2007-4308 Alan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges.\n\nThese problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch2.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update :\n\n Debian 4.0 (etch) fai-kernels 1.17+etch5 user-mode-linux 2.6.18-1um-2etch4", "published": "2007-09-03T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25963", "cvelist": ["CVE-2007-2172", "CVE-2007-3105", "CVE-2007-4308", "CVE-2007-3843", "CVE-2007-2875"], "lastseen": "2017-10-29T13:34:48"}, {"id": "REDHAT-RHSA-2007-1049.NASL", "type": "nessus", "title": "RHEL 3 : kernel (RHSA-2007:1049)", "description": "Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 3 kernel are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nA flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.\n(CVE-2007-3848, Important)\n\nA flaw was found in the IPv4 forwarding base. This allowed a local user to cause a denial of service. (CVE-2007-2172, Important)\n\nA flaw was found where a corrupted executable file could cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. 
(CVE-2006-4538, Moderate)\n\nA flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)\n\nA flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)\n\nAs well, these updated packages fix the following bug :\n\n* a bug in the TCP header prediction code may have caused 'TCP:\nTreason uncloaked!' messages to be logged. In certain situations this may have led to TCP connections hanging or aborting.\n\nRed Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2007-12-04T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29203", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2017-10-29T13:34:49"}, {"id": "ORACLELINUX_ELSA-2007-1049.NASL", "type": "nessus", "title": "Oracle Linux 3 : kernel (ELSA-2007-1049)", "description": "From Red Hat Security Advisory 2007:1049 :\n\nUpdated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 3 kernel are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nA flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.\n(CVE-2007-3848, Important)\n\nA flaw was found in the IPv4 forwarding base. 
This allowed a local user to cause a denial of service. (CVE-2007-2172, Important)\n\nA flaw was found where a corrupted executable file could cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. (CVE-2006-4538, Moderate)\n\nA flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)\n\nA flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)\n\nAs well, these updated packages fix the following bug :\n\n* a bug in the TCP header prediction code may have caused 'TCP:\nTreason uncloaked!' messages to be logged. In certain situations this may have lead to TCP connections hanging or aborting.\n\nRed Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67609", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2017-10-29T13:43:01"}, {"id": "ORACLELINUX_ELSA-2007-0347.NASL", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2007-0347)", "description": "From Red Hat Security Advisory 2007:0347 :\n\nUpdated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security issues :\n\n* a flaw in the handling of IPv6 type 0 routing headers that allowed remote users 
to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).\n\n* a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).\n\n* a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).\n\n* a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).\n\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important).\n\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n* a regression in ipv6 routing.\n\n* an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.\n\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n* a flaw in distributed lock management that could result in errors during virtual machine migration.\n\n* an omitted include in kernel-headers that led to compile failures for some packages.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67495", "cvelist": ["CVE-2007-2172", "CVE-2007-1496", "CVE-2007-2242", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1861"], "lastseen": "2017-10-29T13:33:52"}, {"id": "SL_20070516_KERNEL_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "description": "These new kernel packages contain fixes 
for the following security issues :\n\n - a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).\n\n - a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).\n\n - a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).\n\n - a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).\n\n - a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important).\n\n - a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n - a regression in ipv6 routing.\n\n - an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.\n\n - the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n - a flaw in distributed lock management that could result in errors during virtual machine migration.\n\n - an omitted include in kernel-headers that led to compile failures for some packages.", "published": "2012-08-01T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60181", "cvelist": ["CVE-2007-2172", "CVE-2007-1496", "CVE-2007-2242", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1861"], "lastseen": "2017-10-29T13:38:10"}, {"id": "REDHAT-RHSA-2007-0347.NASL", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2007:0347)", "description": "Updated kernel packages that fix security issues and bugs in the Red Hat 
Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security issues :\n\n* a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).\n\n* a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).\n\n* a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).\n\n* a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).\n\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important).\n\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n* a regression in ipv6 routing.\n\n* an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.\n\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\n\n* a flaw in distributed lock management that could result in errors during virtual machine migration.\n\n* an omitted include in kernel-headers that led to compile failures for some packages.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.", "published": "2007-05-25T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=25333", "cvelist": ["CVE-2007-2172", "CVE-2007-1496", "CVE-2007-2242", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1861"], "lastseen": "2017-10-29T13:36:52"}, {"id": "SL_20070625_KERNEL_ON_SL4_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "description": "These new kernel packages contain fixes for the security issues described below :\n\n - a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important)\n\n - a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important)\n\n - a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important)\n\n - a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important)\n\n - a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important)\n\n - a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock).\n (CVE-2006-5158, Moderate)\n\n - a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)\n\n - a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)\n\n - a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. 
(CVE-2007-1353, Low)\n\nIn addition, the following bugs were addressed :\n\n - the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures.\n\n - the 32bit compatibility didn't return to userspace correct values for the rt_sigtimedwait system call.\n\n - the count for unused inodes could be incorrect at times, resulting in dirty data not being written to disk in a timely manner.\n\n - the cciss driver had an incorrect disk size calculation (off-by-one error) which prevented disk dumps.\n\nNOTE1: From The Upstream Vendors release notes 'During PCI probing, Red Hat Enterprise Linux 4 Update 5 attempts to use information obtained from MCFG (memory-mapped PCI configuration space). On AMD-systems, this type of access does not work on some buses, as the kernel cannot parse the MCFG table.\n\nTo work around this, add the parameter pci=conf1 or pci=nommconf on the kernel boot line in /etc/grub.conf. For example :\n\ntitle Red Hat Enterprise Linux AS (2.6.9-42.0.2.EL) root (hd0,0) kernel /vmlinuz-2.6.9-42.0.2.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet pci=conf1 initrd /initrd-2.6.9-42.0.2.EL.img\n\nDoing this instructs the kernel to use PCI Conf1 access instead of MCFG-based access.'\n\nNOTE2: From The Upstream Vendors Knowledge Base 'Why did the ordering of my NIC devices change in Red Hat Enterprise Linux 4.5?\n\nThe 2.6.9-55 version of the Red Hat Enterprise Linux 4 kernel (Update 5) reverts to the 2.4 ordering of network interface cards (NICs) on certain systems. 
Note that if the 'HWADDR=MAC ADDRESS' line is present in the /etc/sysconfig/network-scripts/ifcfg-ethX files, the NIC ordering will not change.\n\nTo restore the original 2.6 ordering, which is different from the 2.4 ordering, boot with the option pci=nobfsort '", "published": "2012-08-01T00:00:00", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60215", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-0773", "CVE-2007-3104", "CVE-2006-5158", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-0958", "CVE-2007-2525"], "lastseen": "2017-10-29T13:34:06"}, {"id": "CENTOS_RHSA-2007-0488.NASL", "type": "nessus", "title": "CentOS 4 : kernel (CESA-2007:0488)", "description": "Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues described below :\n\n* a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important)\n\n* a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important)\n\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important)\n\n* a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. 
(CVE-2007-2525, Important)\n\n* a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important)\n\n* a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate)\n\n* a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer.\n(CVE-2007-3104, Moderate)\n\n* a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)\n\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low)\n\nIn addition, the following bugs were addressed :\n\n* the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures.\n\n* the 32bit compatibility didn't return to userspace correct values for the rt_sigtimedwait system call.\n\n* the count for unused inodes could be incorrect at times, resulting in dirty data not being written to disk in a timely manner.\n\n* the cciss driver had an incorrect disk size calculation (off-by-one error) which prevented disk dumps.\n\nRed Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel team for reporting issues fixed in this erratum.\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.", "published": "2007-06-27T00:00:00", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25575", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-0773", "CVE-2007-3104", "CVE-2006-5158", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-0958", 
"CVE-2007-2525"], "lastseen": "2017-10-29T13:35:21"}], "redhat": [{"id": "RHSA-2007:1049", "type": "redhat", "title": "(RHSA-2007:1049) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\r\noperating system. \r\n\r\nA flaw was found in the handling of process death signals. This allowed a\r\nlocal user to send arbitrary signals to the suid-process executed by that\r\nuser. A successful exploitation of this flaw depends on the structure of\r\nthe suid-program and its signal handling. (CVE-2007-3848, Important)\r\n\r\nA flaw was found in the IPv4 forwarding base. This allowed a local user to\r\ncause a denial of service. (CVE-2007-2172, Important) \r\n\r\nA flaw was found where a corrupted executable file could cause cross-region\r\nmemory mappings on Itanium systems. This allowed a local user to cause a\r\ndenial of service. (CVE-2006-4538, Moderate) \r\n\r\nA flaw was found in the stack expansion when using the hugetlb kernel on\r\nPowerPC systems. This allowed a local user to cause a denial of service.\r\n(CVE-2007-3739, Moderate) \r\n\r\nA flaw was found in the aacraid SCSI driver. This allowed a local user to\r\nmake ioctl calls to the driver that should be restricted to privileged\r\nusers. (CVE-2007-4308, Moderate) \r\n\r\nAs well, these updated packages fix the following bug:\r\n\r\n* a bug in the TCP header prediction code may have caused \"TCP: Treason\r\nuncloaked!\" messages to be logged. 
In certain situations this may have lead\r\nto TCP connections hanging or aborting.\r\n\r\nRed Hat Enterprise Linux 3 users are advised to upgrade to these updated\r\npackages, which contain backported patches to resolve these issues.", "published": "2007-12-03T05:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1049", "cvelist": ["CVE-2006-4538", "CVE-2007-2172", "CVE-2007-3739", "CVE-2007-3848", "CVE-2007-4308"], "lastseen": "2017-08-01T10:57:26"}, {"id": "RHSA-2007:0347", "type": "redhat", "title": "(RHSA-2007:0347) Important: kernel security and bug fix update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the following security issues:\r\n\r\n* a flaw in the handling of IPv6 type 0 routing headers that allowed remote\r\nusers to cause a denial of service that led to a network amplification\r\nbetween two routers (CVE-2007-2242, Important).\r\n\r\n* a flaw in the nfnetlink_log netfilter module that allowed a local user to\r\ncause a denial of service (CVE-2007-1496, Important).\r\n\r\n* a flaw in the flow list of listening IPv6 sockets that allowed a local\r\nuser to cause a denial of service (CVE-2007-1592, Important).\r\n\r\n* a flaw in the handling of netlink messages that allowed a local user to\r\ncause a denial of service (infinite recursion) (CVE-2007-1861, Important).\r\n\r\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an\r\nout-of-bounds access (CVE-2007-2172, Important).\r\n\r\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote\r\nusers to bypass certain netfilter rules using IPv6 fragments\r\n(CVE-2007-1497, Moderate).\r\n\r\nIn addition to the security issues described above, fixes for the following\r\nhave been included:\r\n\r\n* a regression in ipv6 routing.\r\n\r\n* an error in memory initialization that 
caused gdb to output inaccurate\r\nbacktraces on ia64.\r\n\r\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\r\n\r\n* a flaw in distributed lock management that could result in errors during\r\nvirtual machine migration.\r\n\r\n* an omitted include in kernel-headers that led to compile failures for\r\nsome packages.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain backported patches to correct these issues.", "published": "2007-05-16T04:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0347", "cvelist": ["CVE-2007-1496", "CVE-2007-1497", "CVE-2007-1592", "CVE-2007-1861", "CVE-2007-2172", "CVE-2007-2242"], "lastseen": "2017-09-09T07:19:55"}, {"id": "RHSA-2007:0488", "type": "redhat", "title": "(RHSA-2007:0488) Important: kernel security update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the connection tracking support for SCTP that allowed a remote\r\nuser to cause a denial of service by dereferencing a NULL pointer.\r\n(CVE-2007-2876, Important)\r\n\r\n* a flaw in the mount handling routine for 64-bit systems that allowed a\r\nlocal user to cause denial of service (crash). (CVE-2006-7203, Important)\r\n\r\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an\r\nout-of-bounds access. (CVE-2007-2172, Important)\r\n\r\n* a flaw in the PPP over Ethernet implementation that allowed a local user\r\nto cause a denial of service (memory consumption) by creating a socket\r\nusing connect and then releasing it before the PPPIOCGCHAN ioctl has been\r\ncalled. 
(CVE-2007-2525, Important)\r\n\r\n* a flaw in the fput ioctl handling of 32-bit applications running on\r\n64-bit platforms that allowed a local user to cause a denial of service\r\n(panic). (CVE-2007-0773, Important)\r\n\r\n* a flaw in the NFS locking daemon that allowed a local user to cause\r\ndenial of service (deadlock). (CVE-2006-5158, Moderate)\r\n\r\n* a flaw in the sysfs_readdir function that allowed a local user to cause a\r\ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)\r\n\r\n* a flaw in the core-dump handling that allowed a local user to create core\r\ndumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) \r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\nIn addition, the following bugs were addressed:\r\n\r\n* the NFS could recurse on the same spinlock. Also, NFS, under certain\r\nconditions, did not completely clean up Posix locks on a file close,\r\nleading to mount failures.\r\n\r\n* the 32bit compatibility didn't return to userspace correct values for the\r\nrt_sigtimedwait system call.\r\n\r\n* the count for unused inodes could be incorrect at times, resulting in\r\ndirty data not being written to disk in a timely manner.\r\n\r\n* the cciss driver had an incorrect disk size calculation (off-by-one\r\nerror) which prevented disk dumps.\r\n\r\nRed Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel\r\nteam for reporting issues fixed in this erratum.\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.", "published": "2007-06-25T04:00:00", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0488", "cvelist": ["CVE-2006-5158", "CVE-2006-7203", "CVE-2007-0773", 
"CVE-2007-0958", "CVE-2007-1353", "CVE-2007-2172", "CVE-2007-2525", "CVE-2007-2876", "CVE-2007-3104"], "lastseen": "2017-09-09T07:20:35"}, {"id": "RHSA-2009:0001", "type": "redhat", "title": "(RHSA-2009:0001) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a flaw was found in the IPv4 forwarding base. This could allow a local,\nunprivileged user to cause a denial of service. (CVE-2007-2172,\nImportant)\n\n* a flaw was found in the handling of process death signals. This allowed a\nlocal, unprivileged user to send arbitrary signals to the suid-process\nexecuted by that user. Successful exploitation of this flaw depends on the\nstructure of the suid-program and its signal handling. (CVE-2007-3848,\nImportant)\n\n* when accessing kernel memory locations, certain Linux kernel drivers\nregistering a fault handler did not perform required range checks. A local,\nunprivileged user could use this flaw to gain read or write access to\narbitrary kernel memory, or possibly cause a denial of service.\n(CVE-2008-0007, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a local,\nunprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could\nallow a local, unprivileged user to bypass intended capability\nrestrictions. (CVE-2008-3525, Important)\n\n* a flaw was found in the way files were written using truncate() or\nftruncate(). This could allow a local, unprivileged user to acquire the\nprivileges of a different group and obtain access to sensitive information.\n(CVE-2008-4210, Important)\n\n* a race condition in the mincore system core allowed a local, unprivileged\nuser to cause a denial of service. 
(CVE-2006-4814, Moderate)\n\n* a flaw was found in the aacraid SCSI driver. This allowed a local,\nunprivileged user to make ioctl calls to the driver which should otherwise\nbe restricted to privileged users. (CVE-2007-4308, Moderate)\n\n* two buffer overflow flaws were found in the Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use these flaws\nto cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate)\n\n* a flaw was found in the way core dump files were created. If a local,\nunprivileged user could make a root-owned process dump a core file into a\nuser-writable directory, the user could gain read access to that core file,\npotentially compromising sensitive information. (CVE-2007-6206, Moderate)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS)\nimplementation. This could allow a local, unprivileged user to attempt file\ncreation within deleted directories, possibly causing a denial of service.\n(CVE-2008-3275, Moderate)\n\nAll users of Red Hat Enterprise Linux 2.1 on 32-bit architectures should\nupgrade to these updated packages which address these vulnerabilities. 
For\nthis update to take effect, the system must be rebooted.", "published": "2009-01-08T05:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:0001", "cvelist": ["CVE-2006-4814", "CVE-2007-2172", "CVE-2007-3848", "CVE-2007-4308", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2008-0007", "CVE-2008-2136", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "lastseen": "2018-03-14T15:43:08"}, {"id": "RHSA-2008:0787", "type": "redhat", "title": "(RHSA-2008:0787) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a flaw was found in the IPv4 forwarding base that allowed a local,\nunprivileged user to cause an out-of-bounds access. (CVE-2007-2172,\nImportant)\n\n* a flaw was found in the handling of process death signals. This allowed a\nlocal, unprivileged user to send arbitrary signals to the suid-process\nexecuted by that user. Successful exploitation of this flaw depended on the\nstructure of the suid-program and its signal handling. (CVE-2007-3848,\nImportant)\n\n* when accessing kernel memory locations, certain Linux kernel drivers\nregistering a fault handler did not perform required range checks. A local,\nunprivileged user could use this flaw to gain read or write access to\narbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007,\nImportant)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a local,\nunprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could\nallow a local, unprivileged user to bypass intended capability\nrestrictions. 
(CVE-2008-3525, Important)\n\n* a flaw was found in the way files were written using truncate() or\nftruncate(). This could allow a local, unprivileged user to acquire the\nprivileges of a different group and obtain access to sensitive information.\n(CVE-2008-4210, Important)\n\n* a flaw was found in the ELF handling on Itanium-based systems. This\ntriggered a cross-region memory-mapping and allowed a local, unprivileged\nuser to cause a local denial of service. (CVE-2006-4538, Moderate)\n\n* a race condition in the mincore system core allowed a local, unprivileged\nuser to cause a local denial of service (system hang). (CVE-2006-4814,\nModerate)\n\n* a flaw was found in the aacraid SCSI driver. This allowed a local,\nunprivileged user to make ioctl calls to the driver which should otherwise\nbe restricted to privileged users. (CVE-2007-4308, Moderate)\n\n* two buffer overflow flaws were found in the Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use these flaws\nto cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate)\n\n* a flaw was found in the way core dump files were created. If a local,\nunprivileged user could make a root-owned process dump a core file into a\nuser-writable directory, the user could gain read access to that core file,\npotentially compromising sensitive information. (CVE-2007-6206, Moderate)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS)\nimplementation. This could allow a local, unprivileged user to attempt file\ncreation within deleted directories, possibly causing a local denial of\nservice. 
(CVE-2008-3275, Moderate)\n\nAll users of Red Hat Enterprise Linux 2.1 on 64-bit architectures should\nupgrade to these updated packages, which contain backported patches to\nresolve these issues.", "published": "2009-01-05T05:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0787", "cvelist": ["CVE-2006-4538", "CVE-2006-4814", "CVE-2007-2172", "CVE-2007-3848", "CVE-2007-4308", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2008-0007", "CVE-2008-2136", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "lastseen": "2018-03-14T15:43:13"}, {"id": "RHSA-2007:0436", "type": "redhat", "title": "(RHSA-2007:0436) Important: Updated kernel packages for Red Hat Enterprise Linux 3 Update 9", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThis is the ninth regular kernel update to Red Hat Enterprise Linux 3.\r\n\r\nThere were no new features introduced by this update. The only changes\r\nthat have been included address critical customer needs or security\r\nissues (elaborated below).\r\n\r\nKey areas affected by fixes in this update include the networking\r\nsubsystem, dcache handling, the ext2 and ext3 file systems, the USB\r\nsubsystem, ACPI handling, and the audit subsystem. 
There were also\r\nseveral isolated fixes in the tg3, e1000, megaraid_sas, and aacraid\r\ndevice drivers.\r\n\r\nThe following security bugs were fixed in this update:\r\n\r\n * a flaw in the cramfs file system that allowed invalid compressed\r\n data to cause memory corruption (CVE-2006-5823, low)\r\n\r\n * a flaw in the ext2 file system that allowed an invalid inode size\r\n to cause a denial of service (system hang) (CVE-2006-6054, low)\r\n\r\n * a flaw in IPV6 flow label handling that allowed a local user to\r\n cause a denial of service (crash) (CVE-2007-1592, important)\r\n\r\nNote: The kernel-unsupported package contains various drivers and modules\r\nthat are unsupported and therefore might contain security problems that\r\nhave not been addressed.\r\n\r\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their\r\nkernels to the packages associated with their machine architectures\r\nand configurations as listed in this erratum.", "published": "2007-06-11T17:45:45", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0436", "cvelist": ["CVE-2006-5823", "CVE-2006-6054", "CVE-2007-1592"], "lastseen": "2017-08-02T22:57:53"}, {"id": "RHSA-2007:0672", "type": "redhat", "title": "(RHSA-2007:0672) Important: kernel security update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in IPv6 flow label handling that allowed a local user to cause a\r\ndenial of service (crash). (CVE-2007-1592, Important)\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. 
(CVE-2007-1353, Low)\r\n\r\n* various flaws in the supported filesystems that allowed a local\r\nprivileged user to cause a denial of service. (CVE-2006-6054, CVE-2006-6058,\r\nLow)\r\n\r\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\r\nin this erratum.\r\n\r\nAll Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels\r\nto these updated packages, which contain backported fixes to correct these\r\nissues.", "published": "2007-08-08T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0672", "cvelist": ["CVE-2006-6054", "CVE-2006-6058", "CVE-2007-1217", "CVE-2007-1353", "CVE-2007-1592"], "lastseen": "2018-03-14T15:43:10"}, {"id": "RHSA-2007:0673", "type": "redhat", "title": "(RHSA-2007:0673) Important: kernel security update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in IPV6 flow label handling that allowed a local user to\r\ncause a denial of service (crash). (CVE-2007-1592, Important)\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\n* a flaw in the supported filesystems that allowed a local privileged user\r\nto cause a denial of service. 
(CVE-2006-6054, Low)\r\n\r\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\r\nin this erratum.\r\n\r\nAll Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels\r\nto these updated packages, which contain backported fixes to correct these\r\nissues.", "published": "2007-08-08T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0673", "cvelist": ["CVE-2006-6054", "CVE-2007-1217", "CVE-2007-1353", "CVE-2007-1592"], "lastseen": "2018-03-14T15:43:08"}], "openvas": [{"id": "OPENVAS:1361412562310880316", "type": "openvas", "title": "CentOS Update for kernel CESA-2007:1049 centos3 i386", "description": "Check for the Version of kernel", "published": "2009-02-27T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880316", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2018-04-09T11:41:08"}, {"id": "OPENVAS:880320", "type": "openvas", "title": "CentOS Update for kernel CESA-2007:1049 centos3 x86_64", "description": "Check for the Version of kernel", "published": "2009-02-27T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880320", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2017-07-25T10:55:59"}, {"id": "OPENVAS:1361412562310870197", "type": "openvas", "title": "RedHat Update for kernel RHSA-2007:1049-01", "description": "Check for the Version of kernel", "published": "2009-03-06T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870197", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", 
"CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2018-04-09T11:39:24"}, {"id": "OPENVAS:58585", "type": "openvas", "title": "Debian Security Advisory DSA 1363-1 (linux-2.6)", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1363-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58585", "cvelist": ["CVE-2007-2172", "CVE-2007-3105", "CVE-2007-4308", "CVE-2007-3843", "CVE-2007-2875"], "lastseen": "2017-07-24T12:50:04"}, {"id": "OPENVAS:880316", "type": "openvas", "title": "CentOS Update for kernel CESA-2007:1049 centos3 i386", "description": "Check for the Version of kernel", "published": "2009-02-27T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880316", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2017-07-25T10:57:00"}, {"id": "OPENVAS:1361412562310880320", "type": "openvas", "title": "CentOS Update for kernel CESA-2007:1049 centos3 x86_64", "description": "Check for the Version of kernel", "published": "2009-02-27T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880320", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2018-04-09T11:38:29"}, {"id": "OPENVAS:870197", "type": "openvas", "title": "RedHat Update for kernel RHSA-2007:1049-01", "description": "Check for the Version of kernel", "published": "2009-03-06T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870197", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", 
"CVE-2006-4538"], "lastseen": "2017-07-27T10:55:57"}, {"id": "OPENVAS:58528", "type": "openvas", "title": "Debian Security Advisory DSA 1356-1 (linux-2.6)", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1356-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58528", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-1353", "CVE-2007-3851", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-3642", "CVE-2007-2525"], "lastseen": "2017-07-24T12:50:25"}, {"id": "OPENVAS:840049", "type": "openvas", "title": "Ubuntu Update for linux-source-2.6.15/2.6.17/2.6.20 vulnerabilities USN-464-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-464-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840049", "cvelist": ["CVE-2007-2172", "CVE-2007-1730", "CVE-2007-1496", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1357", "CVE-2007-1388"], "lastseen": "2017-12-04T11:29:38"}, {"id": "OPENVAS:136141256231063344", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0001-01 (kernel)", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0001-01.", "published": "2009-02-10T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063344", "cvelist": ["CVE-2008-2136", "CVE-2007-2172", "CVE-2007-3848", "CVE-2006-4814", "CVE-2007-6151", "CVE-2008-3525", "CVE-2007-4308", "CVE-2008-0007", "CVE-2007-6206", "CVE-2008-4210", "CVE-2008-3275", "CVE-2007-6063"], "lastseen": "2018-04-06T11:40:02"}], "centos": [{"id": "CESA-2007:1049", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata 
and Security Advisory** CESA-2007:1049\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\r\noperating system. \r\n\r\nA flaw was found in the handling of process death signals. This allowed a\r\nlocal user to send arbitrary signals to the suid-process executed by that\r\nuser. A successful exploitation of this flaw depends on the structure of\r\nthe suid-program and its signal handling. (CVE-2007-3848, Important)\r\n\r\nA flaw was found in the IPv4 forwarding base. This allowed a local user to\r\ncause a denial of service. (CVE-2007-2172, Important) \r\n\r\nA flaw was found where a corrupted executable file could cause cross-region\r\nmemory mappings on Itanium systems. This allowed a local user to cause a\r\ndenial of service. (CVE-2006-4538, Moderate) \r\n\r\nA flaw was found in the stack expansion when using the hugetlb kernel on\r\nPowerPC systems. This allowed a local user to cause a denial of service.\r\n(CVE-2007-3739, Moderate) \r\n\r\nA flaw was found in the aacraid SCSI driver. This allowed a local user to\r\nmake ioctl calls to the driver that should be restricted to privileged\r\nusers. (CVE-2007-4308, Moderate) \r\n\r\nAs well, these updated packages fix the following bug:\r\n\r\n* a bug in the TCP header prediction code may have caused \"TCP: Treason\r\nuncloaked!\" messages to be logged. 
In certain situations this may have led\r\nto TCP connections hanging or aborting.\r\n\r\nRed Hat Enterprise Linux 3 users are advised to upgrade to these updated\r\npackages, which contain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014479.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014480.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014486.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014487.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1049.html", "published": "2007-12-03T19:44:42", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/014479.html", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": "2017-10-12T14:46:10"}, {"id": "CESA-2007:0347", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0347\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the following security issues:\r\n\r\n* a flaw in the handling of IPv6 type 0 routing headers that allowed remote\r\nusers to cause a denial of service that led to a network amplification\r\nbetween two routers (CVE-2007-2242, Important).\r\n\r\n* a flaw in the nfnetlink_log netfilter module that allowed a local user to\r\ncause a denial of service (CVE-2007-1496, Important).\r\n\r\n* a flaw in the flow list of listening IPv6 sockets that allowed a local\r\nuser to cause a denial of service (CVE-2007-1592, Important).\r\n\r\n* 
a flaw in the handling of netlink messages that allowed a local user to\r\ncause a denial of service (infinite recursion) (CVE-2007-1861, Important).\r\n\r\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an\r\nout-of-bounds access (CVE-2007-2172, Important).\r\n\r\n* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote\r\nusers to bypass certain netfilter rules using IPv6 fragments\r\n(CVE-2007-1497, Moderate).\r\n\r\nIn addition to the security issues described above, fixes for the following\r\nhave been included:\r\n\r\n* a regression in ipv6 routing.\r\n\r\n* an error in memory initialization that caused gdb to output inaccurate\r\nbacktraces on ia64.\r\n\r\n* the nmi watchdog timeout was updated from 5 to 30 seconds.\r\n\r\n* a flaw in distributed lock management that could result in errors during\r\nvirtual machine migration.\r\n\r\n* an omitted include in kernel-headers that led to compile failures for\r\nsome packages.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013802.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013803.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0347.html", "published": "2007-05-20T02:21:06", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-May/013802.html", "cvelist": ["CVE-2007-2172", "CVE-2007-1496", "CVE-2007-2242", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1861"], "lastseen": "2017-10-03T18:24:43"}, {"id": "CESA-2007:0488", "type": "centos", "title": "kernel security update", "description": "**CentOS 
Errata and Security Advisory** CESA-2007:0488\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the connection tracking support for SCTP that allowed a remote\r\nuser to cause a denial of service by dereferencing a NULL pointer.\r\n(CVE-2007-2876, Important)\r\n\r\n* a flaw in the mount handling routine for 64-bit systems that allowed a\r\nlocal user to cause denial of service (crash). (CVE-2006-7203, Important)\r\n\r\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an\r\nout-of-bounds access. (CVE-2007-2172, Important)\r\n\r\n* a flaw in the PPP over Ethernet implementation that allowed a local user\r\nto cause a denial of service (memory consumption) by creating a socket\r\nusing connect and then releasing it before the PPPIOCGCHAN ioctl has been\r\ncalled. (CVE-2007-2525, Important)\r\n\r\n* a flaw in the fput ioctl handling of 32-bit applications running on\r\n64-bit platforms that allowed a local user to cause a denial of service\r\n(panic). (CVE-2007-0773, Important)\r\n\r\n* a flaw in the NFS locking daemon that allowed a local user to cause\r\ndenial of service (deadlock). (CVE-2006-5158, Moderate)\r\n\r\n* a flaw in the sysfs_readdir function that allowed a local user to cause a\r\ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)\r\n\r\n* a flaw in the core-dump handling that allowed a local user to create core\r\ndumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) \r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\nIn addition, the following bugs were addressed:\r\n\r\n* the NFS could recurse on the same spinlock. 
Also, NFS, under certain\r\nconditions, did not completely clean up Posix locks on a file close,\r\nleading to mount failures.\r\n\r\n* the 32bit compatibility didn't return to userspace correct values for the\r\nrt_sigtimedwait system call.\r\n\r\n* the count for unused inodes could be incorrect at times, resulting in\r\ndirty data not being written to disk in a timely manner.\r\n\r\n* the cciss driver had an incorrect disk size calculation (off-by-one\r\nerror) which prevented disk dumps.\r\n\r\nRed Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel\r\nteam for reporting issues fixed in this erratum.\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013980.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013981.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/014010.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/014013.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0488.html", "published": "2007-06-26T23:50:36", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013980.html", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-0773", "CVE-2007-3104", "CVE-2006-5158", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-0958", "CVE-2007-2525"], "lastseen": "2017-10-12T14:45:16"}, {"id": "CESA-2009:0001-01", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** 
CESA-2009:0001-01\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a flaw was found in the IPv4 forwarding base. This could allow a local,\nunprivileged user to cause a denial of service. (CVE-2007-2172,\nImportant)\n\n* a flaw was found in the handling of process death signals. This allowed a\nlocal, unprivileged user to send arbitrary signals to the suid-process\nexecuted by that user. Successful exploitation of this flaw depends on the\nstructure of the suid-program and its signal handling. (CVE-2007-3848,\nImportant)\n\n* when accessing kernel memory locations, certain Linux kernel drivers\nregistering a fault handler did not perform required range checks. A local,\nunprivileged user could use this flaw to gain read or write access to\narbitrary kernel memory, or possibly cause a denial of service.\n(CVE-2008-0007, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a local,\nunprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could\nallow a local, unprivileged user to bypass intended capability\nrestrictions. (CVE-2008-3525, Important)\n\n* a flaw was found in the way files were written using truncate() or\nftruncate(). This could allow a local, unprivileged user to acquire the\nprivileges of a different group and obtain access to sensitive information.\n(CVE-2008-4210, Important)\n\n* a race condition in the mincore system core allowed a local, unprivileged\nuser to cause a denial of service. (CVE-2006-4814, Moderate)\n\n* a flaw was found in the aacraid SCSI driver. This allowed a local,\nunprivileged user to make ioctl calls to the driver which should otherwise\nbe restricted to privileged users. 
(CVE-2007-4308, Moderate)\n\n* two buffer overflow flaws were found in the Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use these flaws\nto cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate)\n\n* a flaw was found in the way core dump files were created. If a local,\nunprivileged user could make a root-owned process dump a core file into a\nuser-writable directory, the user could gain read access to that core file,\npotentially compromising sensitive information. (CVE-2007-6206, Moderate)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS)\nimplementation. This could allow a local, unprivileged user to attempt file\ncreation within deleted directories, possibly causing a denial of service.\n(CVE-2008-3275, Moderate)\n\nAll users of Red Hat Enterprise Linux 2.1 on 32-bit architectures should\nupgrade to these updated packages which address these vulnerabilities. For\nthis update to take effect, the system must be rebooted.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/015576.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-debug\nkernel-doc\nkernel-enterprise\nkernel-headers\nkernel-smp\nkernel-source\nkernel-summit\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2009-02-02T23:36:06", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-February/015576.html", "cvelist": ["CVE-2008-2136", "CVE-2007-2172", "CVE-2007-3848", "CVE-2006-4814", "CVE-2007-6151", "CVE-2008-3525", "CVE-2007-4308", "CVE-2008-0007", "CVE-2007-6206", "CVE-2008-4210", "CVE-2008-3275", "CVE-2007-6063"], "lastseen": "2018-01-25T01:01:18"}, {"id": "CESA-2007:0436", "type": "centos", "title": "gdb, kernel security update", "description": "**CentOS Errata and Security Advisory** 
CESA-2007:0436\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThis is the ninth regular kernel update to Red Hat Enterprise Linux 3.\r\n\r\nThere were no new features introduced by this update. The only changes\r\nthat have been included address critical customer needs or security\r\nissues (elaborated below).\r\n\r\nKey areas affected by fixes in this update include the networking\r\nsubsystem, dcache handling, the ext2 and ext3 file systems, the USB\r\nsubsystem, ACPI handling, and the audit subsystem. There were also\r\nseveral isolated fixes in the tg3, e1000, megaraid_sas, and aacraid\r\ndevice drivers.\r\n\r\nThe following security bugs were fixed in this update:\r\n\r\n * a flaw in the cramfs file system that allowed invalid compressed\r\n data to cause memory corruption (CVE-2006-5823, low)\r\n\r\n * a flaw in the ext2 file system that allowed an invalid inode size\r\n to cause a denial of service (system hang) (CVE-2006-6054, low)\r\n\r\n * a flaw in IPV6 flow label handling that allowed a local user to\r\n cause a denial of service (crash) (CVE-2007-1592, important)\r\n\r\nNote: The kernel-unsupported package contains various drivers and modules\r\nthat are unsupported and therefore might contain security problems that\r\nhave not been addressed.\r\n\r\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their\r\nkernels to the packages associated with their machine architectures\r\nand configurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013900.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013903.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013914.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013915.html\n\n**Affected 
packages:**\ngdb\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0436.html", "published": "2007-06-11T22:34:46", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013900.html", "cvelist": ["CVE-2006-6054", "CVE-2007-1592", "CVE-2006-5823"], "lastseen": "2017-10-12T14:45:57"}, {"id": "CESA-2007:0672-01", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0672-01\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in IPv6 flow label handling that allowed a local user to cause a\r\ndenial of service (crash). (CVE-2007-1592, Important)\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\n* various flaws in the supported filesystems that allowed a local\r\nprivileged user to cause a denial of service. 
(CVE-2006-6054, CVE-2006-6058,\r\nLow)\r\n\r\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\r\nin this erratum.\r\n\r\nAll Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels\r\nto these updated packages, which contain backported fixes to correct these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-August/014139.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-debug\nkernel-doc\nkernel-enterprise\nkernel-headers\nkernel-smp\nkernel-source\nkernel-summit\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2007-08-09T04:54:35", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-August/014139.html", "cvelist": ["CVE-2006-6054", "CVE-2007-1353", "CVE-2007-1592", "CVE-2006-6058", "CVE-2007-1217"], "lastseen": "2018-01-25T11:02:45"}], "oraclelinux": [{"id": "ELSA-2007-1049", "type": "oraclelinux", "title": "Important: kernel security and bug fix update ", "description": " [kernel-2.4.21-53.EL]\n - Fix ipv4 treason uncloaked message (Anton Arapov) [249237]\n - Fix ipv4 fib-sem-out-of-bounds checking (Don Howard) [250429] {CVE-2007-2172}\n - Reset current->pdeath_signal on SUID binary execution (Peter Zijlstra) [251117] {CVE-2007-3848}\n - Fix local DoS with corrupted elf on ia64 (Don Howard) [289171] {CVE-2006-4538}\n - prevent stack from growing into hugepages region (Don Howard) [294951] {CVE-2007-3739}\n - Fix missing ioctl permission checks in aacraid (Don Howard) [298331] {CVE-2007-4308} ", "published": "2007-12-04T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-1049.html", "cvelist": ["CVE-2007-2172", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-4308", "CVE-2006-4538"], "lastseen": 
"2016-09-04T11:17:02"}, {"id": "ELSA-2007-0488", "type": "oraclelinux", "title": "Important: kernel security update ", "description": " [2.6.9-55.0.2.0.1]\n - fix entropy flag in bnx2 driver to generate entropy pool (John \n Sobecki) [orabug 5931647]\n - fix for nfs open call taking longer issue (Chuck Lever) orabug 5580407 \n bz [219412]\n - fix enomem due to larger mtu size page alloc (Zach Brown) orabug 5486128\n - fix per_cpu() api bug_on with rds (Zach Brown) orabug 5760648\n - limit nr_requests in cfq io scheduler ( Jens Axboe) bz 234278 orabug \n 5899829\n \n [2.6.9-55.0.2]\n -cciss: fix size calculation in diskdump (Bryn Reeves) [243902]\n \n [2.6.9-55.0.1]\n -fix kernel spinlock panic in nfs/inode.c (Peter Staubach) [240855]\n -fix core-dumping unreadable binaries via PT_INTERP (Eric Sandeen) \n [243256] {CVE-2007-0958}\n -nlm: when reclaiming locks, skip non-posix locks (Jeff Layton) [243251] \n {CVE-2006-5158}\n -add missing fput() in a 32-bit ioctl on 64-bit x86 systems (Jeff Burke) \n [243252] {CVE-2007-0773}\n -prevent oops in compat_sys_mount with NULL data pointer (Jeff Layton) \n [243263] {CVE-2006-7203}\n -fix 32bit-compat rt_sigtimedwait (Guy Streeter) [240458]\n -nfs: fix repeated NFS mount failures lead to kernel panic (Peter \n Staubach) [240851]\n -safely store sysfs inode nrs in the sysfs dirent (Eric Sandeen) [242558]\n -protect sysfs ->s_dentry w/ locking (Eric Sandeen) [242558]\n -fix nr_unused accounting (Eric Sandeen) [241784]\n -fix bluetooth setsockopt() information leaks (Don Howard) [243259] \n {CVE-2007-1353}\n -fix DoS in PPPOE (Neil Horman) [243262] {CVE-2007-2525}\n -fix out of bounds fib_probs access vulnerability (Neil Horman) [243261] \n {CVE-2007-2172}\n -ip_conntrack_sctp: fix remotely triggerable NULL ptr dereference (Don \n Howard) [243746] {CVE-2007-2876 ", "published": "2007-06-26T00:00:00", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": 
"http://linux.oracle.com/errata/ELSA-2007-0488.html", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-0773", "CVE-2007-3104", "CVE-2006-5158", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-0958", "CVE-2007-2525"], "lastseen": "2016-09-04T11:15:55"}, {"id": "ELSA-2007-0347", "type": "oraclelinux", "title": "Important: kernel security and bug fix update ", "description": " [2.6.18-8.1.4.0.1.el5]\n -Fix bonding primary=ethX so it picks correct network (Bert Barbe) [IT \n 101532] [ORA 5136660]\n -Add entropy module option to e1000 (John Sobecki) [ORA 6045759]\n -Add entropy module option to bnx2 (John Sobecki) [ORA 6045759]\n \n [2.6.18.8.1.4.el5]\n - [ipv6] Fix routing regression. (David S. Miller ) [238046]\n - [mm] Gdb does not accurately output the backtrace. (Dave Anderson ) \n [235511]\n - [NMI] change watchdog timeout to 30 seconds (Larry Woodman ) [237655]\n - [dlm] fix mode munging (David Teigland ) [238731]\n - [net] kernel-headers: missing include of types.h (Neil Horman ) [238749]\n - [net] fib_semantics.c out of bounds check (Thomas Graf ) [238948] \n {CVE-2007-2172}\n - [net] disallow RH0 by default (Thomas Graf ) [238949] {CVE-2007-2242}\n - [net] Fix user OOPS'able bug in FIB netlink (David S. Miller ) \n [238960] {CVE-2007-1861}\n - [net] IPv6 fragments bypass in nf_conntrack netfilter code (Thomas \n Graf ) [238947] {CVE-2007-1497}\n - [net] ipv6_fl_socklist is inadvertently shared (David S. Miller ) \n [238944] {CVE-2007-1592}\n - [net] Various NULL pointer dereferences in netfilter code (Thomas Graf \n ) [238946] {CVE-2007-1496}\n \n [2.6.18-8.1.3.el5]\n - [s390] page_mkclean causes data corruption on s390 (Jan Glauber ) [236605]\n \n [2.6.18-8.1.2.el5]\n - [utrace] exploit and unkillable cpu fixes (Roland McGrath ) [228816] \n (CVE-2007-0771)\n - [net] IPV6 security holes in ipv6_sockglue.c - 2 (David S. Miller ) \n [232257] {CVE-2007-1000}\n - [net] IPV6 security holes in ipv6_sockglue.c (David S. 
Miller ) \n [232255] {CVE-2007-1388}\n - [audit] GFP_KERNEL allocations in non-blocking context fix (Alexander \n Viro ) [233157]\n \n [2.6.18-8.1.1.el5]\n - [cpufreq] Remove __initdata from tscsync (Prarit Bhargava ) [229887]\n - [security] Fix key serial number collision problem (David Howells ) \n [229883] {CVE-2007-0006}\n - [fs] Don't core dump read-only binarys (Don Howard ) [229885] \n {CVE-2007-0958}\n - [xen] Enable booting on machines with > 64G (Chris Lalancette) [230117]\n - Fix potential buffer overflow in cardman 4040 cmx driver (Don Howard) \n [229884] {CVE-2007-0005} ", "published": "2007-06-26T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0347.html", "cvelist": ["CVE-2007-2172", "CVE-2007-0006", "CVE-2007-1496", "CVE-2007-2242", "CVE-2007-1592", "CVE-2007-0958", "CVE-2007-1497", "CVE-2007-0005", "CVE-2007-1861", "CVE-2007-1000", "CVE-2007-0771", "CVE-2007-1388"], "lastseen": "2016-09-04T11:16:06"}], "ubuntu": [{"id": "USN-464-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. (CVE-2007-1357)\n\nGabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verify option values for IPV6_RTHDR. A local attacker could exploit this to trigger a kernel crash. (CVE-2007-1388)\n\nA Denial of Service vulnerability was discovered in the nfnetlink_log() netfilter function. A remote attacker could exploit this to trigger a kernel crash. (CVE-2007-1496)\n\nThe connection tracking module for IPv6 did not properly handle the status field when reassembling fragmented packets, so that the final packet always had the \u2018established\u2019 state. 
A remote attacker could exploit this to bypass intended firewall rules. (CVE-2007-1497)\n\nMasayuki Nakagawa discovered an error in the flowlabel handling of IPv6 network sockets. A local attacker could exploit this to crash the kernel. (CVE-2007-1592)\n\nThe do_dccp_getsockopt() function did not sufficiently verify the optlen argument. A local attacker could exploit this to read kernel memory (which might expose sensitive data) or cause a kernel crash. This only affects Ubuntu 7.04. (CVE-2007-1730)\n\nThe IPv4 and DECnet network protocol handlers incorrectly declared an array variable so that it became smaller than intended. By sending crafted packets over a netlink socket, a local attacker could exploit this to crash the kernel. (CVE-2007-2172)", "published": "2007-05-24T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/464-1/", "cvelist": ["CVE-2007-2172", "CVE-2007-1730", "CVE-2007-1496", "CVE-2007-1592", "CVE-2007-1497", "CVE-2007-1357", "CVE-2007-1388"], "lastseen": "2018-03-29T18:20:27"}, {"id": "USN-508-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "A buffer overflow was discovered in the Moxa serial driver. Local attackers could execute arbitrary code and gain root privileges. (CVE-2005-0504)\n\nA flaw was discovered in the IPv6 stack\u2019s handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. (CVE-2007-2242)\n\nA flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104)\n\nA buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional privileges. (CVE-2007-3105)\n\nIt was discovered that certain setuid-root processes did not correctly reset process death signal handlers. 
A local user could manipulate this to send signals to processes they would not normally have access to. (CVE-2007-3848)\n\nIt was discovered that the aacraid SCSI driver did not correctly check permissions on certain ioctls. A local attacker could cause a denial of service or gain privileges. (CVE-2007-4308)", "published": "2007-08-31T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/508-1/", "cvelist": ["CVE-2007-3848", "CVE-2007-3104", "CVE-2005-0504", "CVE-2007-3105", "CVE-2007-4308", "CVE-2007-2242"], "lastseen": "2018-03-29T18:18:58"}, {"id": "USN-486-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203)\n\nThe Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005)\n\nDue to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000)\n\nIlja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)\n\nA flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861)\n\nA flaw was discovered in the IPv6 stack\u2019s handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. 
(CVE-2007-2242)\n\nThe random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)\n\nA flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525)\n\nAn integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. (CVE-2007-2875)\n\nVilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. (CVE-2007-2876)\n\nLuca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878)", "published": "2007-07-18T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/486-1/", "cvelist": ["CVE-2007-2876", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2875", "CVE-2007-0005", "CVE-2007-1861", "CVE-2007-1000", "CVE-2007-2878", "CVE-2007-2525"], "lastseen": "2018-03-29T18:20:50"}, {"id": "USN-489-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "A flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service. (CVE-2006-4623)\n\nThe compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. 
(CVE-2006-7203)\n\nThe Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005)\n\nDue to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000)\n\nIlja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)\n\nA flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861)\n\nThe random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)\n\nA flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525)\n\nAn integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. (CVE-2007-2875)\n\nVilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. (CVE-2007-2876)\n\nLuca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878)\n\nA flaw was discovered in the cluster manager. 
A remote attacker could connect to the DLM port and block further DLM operations. (CVE-2007-3380)\n\nA flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. (CVE-2007-3513)", "published": "2007-07-19T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/489-1/", "cvelist": ["CVE-2007-2876", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-3380", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-2875", "CVE-2007-0005", "CVE-2006-4623", "CVE-2007-1861", "CVE-2007-1000", "CVE-2007-2878", "CVE-2007-2525"], "lastseen": "2018-03-29T18:18:01"}], "suse": [{"id": "SUSE-SA:2007:043", "type": "suse", "title": "remote denial of service in kernel", "description": "The SUSE Linux 10.0 and openSUSE 10.2 have been updated to fix various security problems.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-07-09T14:31:09", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00005.html", "cvelist": ["CVE-2007-2876", "CVE-2006-7203", "CVE-2007-1496", "CVE-2007-1592", "CVE-2007-2453", "CVE-2007-1497", "CVE-2007-1357", "CVE-2007-1861"], "lastseen": "2016-09-04T11:37:36"}, {"id": "SUSE-SA:2007:051", "type": "suse", "title": "remote denial of service in kernel", "description": "The Linux kernel in SLE 10 and SUSE Linux 10.1 was updated to fix various security issues and lots of bugs spotted after the Service Pack 1 release.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-09-06T17:18:55", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00000.html", "cvelist": ["CVE-2007-2876", "CVE-2007-3848", 
"CVE-2007-3107", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525"], "lastseen": "2016-09-04T11:56:25"}, {"id": "SUSE-SA:2008:006", "type": "suse", "title": "local privilege escalation in kernel", "description": "The Linux kernel contained various security problems for which we released updates.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-02-07T11:18:53", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html", "cvelist": ["CVE-2008-0731", "CVE-2007-6417", "CVE-2007-3848", "CVE-2008-0001", "CVE-2007-4308", "CVE-2007-2242", "CVE-2007-4997", "CVE-2008-0007", "CVE-2007-3843", "CVE-2007-3740", "CVE-2007-5966", "CVE-2007-6063"], "lastseen": "2016-09-04T11:28:28"}, {"id": "SUSE-SA:2007:029", "type": "suse", "title": "remote denial of service in kernel", "description": "This kernel update for openSUSE 10.2 fixes the following security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-05-03T18:12:20", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-05/msg00007.html", "cvelist": ["CVE-2007-1592", "CVE-2007-1357", "CVE-2007-1000", "CVE-2007-1388"], "lastseen": "2016-09-04T11:23:07"}, {"id": "SUSE-SA:2007:030", "type": "suse", "title": "remote denial of service in kernel", "description": "This kernel update for SUSE Linux 9.3 fixes the following security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-05-10T11:16:32", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-05/msg00005.html", "cvelist": ["CVE-2006-6106", 
"CVE-2007-1592", "CVE-2006-5753", "CVE-2007-1357", "CVE-2006-2936", "CVE-2006-5749"], "lastseen": "2016-09-04T11:57:19"}, {"id": "SUSE-SA:2007:035", "type": "suse", "title": "remote denial of service in kernel", "description": "This kernel update fixes the following security problems in our SUSE Linux Enterprise Server 9, Novell Linux Desktop 9 and Open Enterprise Server kernels.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-06-14T16:33:34", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00004.html", "cvelist": ["CVE-2006-6535", "CVE-2007-1353", "CVE-2006-7203", "CVE-2006-6106", "CVE-2006-5754", "CVE-2007-1592", "CVE-2006-5871", "CVE-2006-5753", "CVE-2007-1357", "CVE-2006-2936", "CVE-2006-5749"], "lastseen": "2016-09-04T11:50:35"}], "freebsd": [{"id": "275B845E-F56C-11DB-8163-000E0C2E438A", "type": "freebsd", "title": "FreeBSD -- IPv6 Routing Header 0 is dangerous", "description": "\nProblem Description\nThere is no mechanism for preventing IPv6 routing headers\n\t from being used to route packets over the same link(s) many\n\t times.\nImpact\nAn attacker can \"amplify\" a denial of service attack against\n\t a link between two vulnerable hosts; that is, by sending a\n\t small volume of traffic the attacker can consume a much larger\n\t amount of bandwidth between the two vulnerable hosts.\nAn attacker can use vulnerable hosts to \"concentrate\" a\n\t denial of service attack against a victim host or network;\n\t that is, a set of packets sent over a period of 30 seconds\n\t or more could be constructed such that they all arrive at\n\t the victim within a period of 1 second or less over a\n\t period of 30 seconds or more could be constructed such that\n\t they all arrive at the victim within a period of 1 second or\n\t less.\nOther attacks may also be possible.\nWorkaround\nNo workaround is 
available.\n", "published": "2007-04-26T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/275b845e-f56c-11db-8163-000e0c2e438a.html", "cvelist": ["CVE-2007-2242"], "lastseen": "2016-09-26T17:25:02"}], "exploitdb": [{"id": "EDB-ID:29916", "type": "exploitdb", "title": "Linux Kernel 2.6.x - NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability", "description": "Linux Kernel 2.6.x NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability. CVE-2007-1861. Dos exploit for linux platform", "published": "2007-04-26T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/29916/", "cvelist": ["CVE-2007-1861"], "lastseen": "2016-02-03T11:23:44"}]}}