(RHSA-2007:0671) Moderate: kernel security and bugfix update
2007-08-16T04:00:00
ID RHSA-2007:0671 Type redhat Reporter RedHat Modified 2017-07-28T18:43:48
Description
The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the security issues described
below:
a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a
denial of service or potential privilege escalation. (CVE-2007-1217, Moderate)
a flaw in the Bluetooth subsystem that allowed a local user to trigger an
information leak. (CVE-2007-1353, Low)
In addition to the security issues described above, fixes for the following
have been included:
a race condition in the e1000 network driver that could cause ESB2
systems to be started without the RX unit being turned on.
a related e1000 bug on ESB2 systems that could cause rlogin to fail.
Red Hat would like to thank Ilja van Sprundel for reporting an issue fixed
in this erratum.
Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.
All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.
{"cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 0, "reporter": "RedHat", "references": [], "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low) \r\n\r\nIn addition to the security issues described above, fixes for the following\r\nhave been included:\r\n\r\n* a race condition in the e1000 network driver that could cause ESB2\r\nsystems to be started without the RX unit being turned on. \r\n\r\n* a related e1000 bug on ESB2 systems that could cause rlogin to fail.\r\n\r\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\r\nin this erratum. \r\n\r\nNote: The kernel-unsupported package contains various drivers and modules\r\nthat are unsupported and therefore might contain security problems that\r\nhave not been addressed.\r\n\r\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their kernels\r\nto the packages associated with their machine architecture and\r\nconfigurations as listed in this erratum.", "href": "https://access.redhat.com/errata/RHSA-2007:0671", "modified": "2017-07-28T18:43:48", "objectVersion": "1.4", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "enchantments": {"vulnersScore": 7.2}, "id": "RHSA-2007:0671", "title": "(RHSA-2007:0671) Moderate: kernel security and bugfix update", "bulletinFamily": "unix", "published": "2007-08-16T04:00:00", "enchantments_done": [], "type": "redhat", "_object_type": "robots.models.redhat.RedHatBulletin", "history": [], "affectedPackage": [{"packageFilename": "kernel-2.4.21-51.EL.ppc64iseries.rpm", "OS": "RedHat", "OSVersion": "any", "packageName": "kernel", "operator": "lt", "packageVersion": "2.4.21-51.EL", "arch": "ppc64iseries"}, {"packageFilename": "kernel-source-2.4.21-51.EL.ppc64.rpm", "OS": "RedHat", "OSVersion": "any", "packageName": "kernel-source", "operator": "lt", "packageVersion": "2.4.21-51.EL", "arch": "ppc64"}, {"packageFilename": "kernel-2.4.21-51.EL.ppc64pseries.rpm", "OS": "RedHat", "OSVersion": "any", "packageName": "kernel", "operator": "lt", "packageVersion": "2.4.21-51.EL", "arch": "ppc64pseries"}, {"packageFilename": "kernel-unsupported-2.4.21-51.EL.ppc64pseries.rpm", "OS": "RedHat", "OSVersion": "any", "packageName": "kernel-unsupported", "operator": "lt", "packageVersion": "2.4.21-51.EL", "arch": "ppc64pseries"}, {"packageFilename": "kernel-doc-2.4.21-51.EL.ppc64.rpm", "OS": "RedHat", "OSVersion": "any", "packageName": "kernel-doc", "operator": "lt", "packageVersion": "2.4.21-51.EL", "arch": "ppc64"}, {"packageFilename": "kernel-unsupported-2.4.21-51.EL.ppc64iseries.rpm", "OS": "RedHat", "OSVersion": "any", "packageName": "kernel-unsupported", "operator": "lt", "packageVersion": "2.4.21-51.EL", "arch": "ppc64iseries"}], "cvelist": ["CVE-2007-1217", "CVE-2007-1353"], "lastseen": "2017-08-01T06:58:07"}
{"result": {"cve": [{"id": "CVE-2007-1217", "type": "cve", "title": "CVE-2007-1217", "description": "Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.", "published": "2007-03-02T16:18:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1217", "cvelist": ["CVE-2007-1217"], "lastseen": "2017-10-11T11:07:02"}, {"id": "CVE-2007-1353", "type": "cve", "title": "CVE-2007-1353", "description": "The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.", "published": "2007-04-24T12:19:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1353", "cvelist": ["CVE-2007-1353"], "lastseen": "2017-10-11T11:07:02"}], "f5": [{"id": "SOL8917", "type": "f5", "title": "SOL8917 - Linux kernel vulnerability CVE-2007-1217", "description": "A flaw in the ISDN CAPI subsystem allows a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the vulnerable system.\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1217>\n", "published": "2008-06-30T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/8000/900/sol8917.html", "cvelist": ["CVE-2007-1217"], "lastseen": "2016-09-26T17:23:20"}], "gentoo": [{"id": "GLSA-200704-23", "type": "gentoo", "title": "capi4k-utils: Buffer overflow", "description": "### Background\n\ncapi4k-utils is a set of utilities for accessing COMMON-ISDN-API software interfaces for ISDN devices. \n\n### Description\n\nThe bufprint() function in capi4k-utils fails to properly check boundaries of data coming from CAPI packets. \n\n### Impact\n\nA local attacker could possibly escalate privileges or cause a Denial of Service by sending a crafted CAPI packet. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll capi4k-utils users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dialup/capi4k-utils-20050718-r3\"", "published": "2007-04-27T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200704-23", "cvelist": ["CVE-2007-1217"], "lastseen": "2016-09-06T19:46:31"}], "nessus": [{"id": "GENTOO_GLSA-200704-23.NASL", "type": "nessus", "title": "GLSA-200704-23 : capi4k-utils: Buffer overflow", "description": "The remote host is affected by the vulnerability described in GLSA-200704-23 (capi4k-utils: Buffer overflow)\n\n The bufprint() function in capi4k-utils fails to properly check boundaries of data coming from CAPI packets.\n Impact :\n\n A local attacker could possibly escalate privileges or cause a Denial of Service by sending a crafted CAPI packet.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-04-30T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25111", "cvelist": ["CVE-2007-1217"], "lastseen": "2017-10-29T13:43:20"}, {"id": "SL_20070904_KERNEL_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "description": "- a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine. (CVE-2007-1217, Moderate)\n\n - a flaw in the perfmon subsystem on ia64 platforms that allowed a local user to cause a denial of service.\n (CVE-2006-0558, Moderate)\n\nIn addition, the following bugs were addressed :\n\n - a panic after reloading of the LSI Fusion driver.\n\n - a vm performance problem was corrected by balancing inactive page lists.\n\n - added a nodirplus option to address NFSv3 performance issues with large directories.\n\n - changed the personality handling to disallow personality changes of setuid and setgid binaries. This ensures they keep any randomization and Exec-shield protection.", "published": "2012-08-01T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60247", "cvelist": ["CVE-2006-0558", "CVE-2007-1217"], "lastseen": "2017-10-29T13:45:43"}, {"id": "ORACLELINUX_ELSA-2007-0671.NASL", "type": "nessus", "title": "Oracle Linux 3 : kernel (ELSA-2007-0671)", "description": "From Red Hat Security Advisory 2007:0671 :\n\nUpdated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 3 kernel are now available.\n\nThis security advisory has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues described below :\n\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential privilege escalation.\n(CVE-2007-1217, Moderate)\n\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low)\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n* a race condition in the e1000 network driver that could cause ESB2 systems to be started without the RX unit being turned on.\n\n* a related e1000 bug on ESB2 systems that could cause rlogin to fail.\n\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed in this erratum.\n\nNote: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.\n\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.", "published": "2013-07-12T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67540", "cvelist": ["CVE-2007-1353", "CVE-2007-1217"], "lastseen": "2017-10-29T13:33:59"}, {"id": "ORACLELINUX_ELSA-2007-0774.NASL", "type": "nessus", "title": "Oracle Linux 4 : kernel (ELSA-2007-0774)", "description": "From Red Hat Security Advisory 2007:0774 :\n\nUpdated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues described below :\n\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine. (CVE-2007-1217, Moderate)\n\n* a flaw in the perfmon subsystem on ia64 platforms that allowed a local user to cause a denial of service. (CVE-2006-0558, Moderate)\n\nIn addition, the following bugs were addressed :\n\n* a panic after reloading of the LSI Fusion driver.\n\n* a vm performance problem was corrected by balancing inactive page lists.\n\n* added a nodirplus option to address NFSv3 performance issues with large directories.\n\n* changed the personality handling to disallow personality changes of setuid and setgid binaries. This ensures they keep any randomization and Exec-shield protection.\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.", "published": "2013-07-12T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67556", "cvelist": ["CVE-2006-0558", "CVE-2007-1217"], "lastseen": "2017-10-29T13:39:02"}, {"id": "SL_20070816_KERNEL_ON_SL3.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL3.x i386/x86_64", "description": "- a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\n\n - a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low)\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n - a race condition in the e1000 network driver that could cause ESB2 systems to be started without the RX unit being turned on.\n\n - a related e1000 bug on ESB2 systems that could cause rlogin to fail.", "published": "2012-08-01T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60241", "cvelist": ["CVE-2007-1353", "CVE-2007-1217"], "lastseen": "2017-10-29T13:40:29"}, {"id": "SL_20070904_KERNEL_ON_SL4_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "description": "These new kernel packages contain fixes for the security issues described below :\n\n - a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine. (CVE-2007-1217, Moderate)\n\n - a flaw in the perfmon subsystem on ia64 platforms that allowed a local user to cause a denial of service.\n (CVE-2006-0558, Moderate)\n\nIn addition, the following bugs were addressed :\n\n - a panic after reloading of the LSI Fusion driver.\n\n - a vm performance problem was corrected by balancing inactive page lists.\n\n - added a nodirplus option to address NFSv3 performance issues with large directories.\n\n - changed the personality handling to disallow personality changes of setuid and setgid binaries. This ensures they keep any randomization and Exec-shield protection.", "published": "2012-08-01T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60246", "cvelist": ["CVE-2006-0558", "CVE-2007-1217"], "lastseen": "2017-10-29T13:42:05"}, {"id": "REDHAT-RHSA-2007-0671.NASL", "type": "nessus", "title": "RHEL 3 : kernel (RHSA-2007:0671)", "description": "Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 3 kernel are now available.\n\nThis security advisory has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues described below :\n\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential privilege escalation.\n(CVE-2007-1217, Moderate)\n\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low)\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n* a race condition in the e1000 network driver that could cause ESB2 systems to be started without the RX unit being turned on.\n\n* a related e1000 bug on ESB2 systems that could cause rlogin to fail.\n\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed in this erratum.\n\nNote: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.\n\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.", "published": "2007-08-21T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25924", "cvelist": ["CVE-2007-1353", "CVE-2007-1217"], "lastseen": "2017-10-29T13:44:47"}, {"id": "REDHAT-RHSA-2007-0774.NASL", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2007:0774)", "description": "Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues described below :\n\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine. (CVE-2007-1217, Moderate)\n\n* a flaw in the perfmon subsystem on ia64 platforms that allowed a local user to cause a denial of service. (CVE-2006-0558, Moderate)\n\nIn addition, the following bugs were addressed :\n\n* a panic after reloading of the LSI Fusion driver.\n\n* a vm performance problem was corrected by balancing inactive page lists.\n\n* added a nodirplus option to address NFSv3 performance issues with large directories.\n\n* changed the personality handling to disallow personality changes of setuid and setgid binaries. This ensures they keep any randomization and Exec-shield protection.\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.", "published": "2007-09-05T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25985", "cvelist": ["CVE-2006-0558", "CVE-2007-1217"], "lastseen": "2017-10-29T13:38:27"}, {"id": "CENTOS_RHSA-2007-0671.NASL", "type": "nessus", "title": "CentOS 3 : kernel (CESA-2007:0671)", "description": "Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 3 kernel are now available.\n\nThis security advisory has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues described below :\n\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential privilege escalation.\n(CVE-2007-1217, Moderate)\n\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low)\n\nIn addition to the security issues described above, fixes for the following have been included :\n\n* a race condition in the e1000 network driver that could cause ESB2 systems to be started without the RX unit being turned on.\n\n* a related e1000 bug on ESB2 systems that could cause rlogin to fail.\n\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed in this erratum.\n\nNote: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.\n\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.", "published": "2007-08-21T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25908", "cvelist": ["CVE-2007-1353", "CVE-2007-1217"], "lastseen": "2017-10-29T13:34:57"}, {"id": "CENTOS_RHSA-2007-0774.NASL", "type": "nessus", "title": "CentOS 4 : kernel (CESA-2007:0774)", "description": "Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues described below :\n\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine. (CVE-2007-1217, Moderate)\n\n* a flaw in the perfmon subsystem on ia64 platforms that allowed a local user to cause a denial of service. (CVE-2006-0558, Moderate)\n\nIn addition, the following bugs were addressed :\n\n* a panic after reloading of the LSI Fusion driver.\n\n* a vm performance problem was corrected by balancing inactive page lists.\n\n* added a nodirplus option to address NFSv3 performance issues with large directories.\n\n* changed the personality handling to disallow personality changes of setuid and setgid binaries. This ensures they keep any randomization and Exec-shield protection.\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.", "published": "2007-09-07T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=26003", "cvelist": ["CVE-2006-0558", "CVE-2007-1217"], "lastseen": "2017-10-29T13:40:24"}], "openvas": [{"id": "OPENVAS:58250", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200704-23 (capi4k-utils)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200704-23.", "published": "2008-09-24T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58250", "cvelist": ["CVE-2007-1217"], "lastseen": "2017-07-24T12:49:43"}, {"id": "OPENVAS:830108", "type": "openvas", "title": "Mandriva Update for kernel MDKSA-2007:078 (kernel)", "description": "Check for the Version of kernel", "published": "2009-04-09T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830108", "cvelist": ["CVE-2006-6056", "CVE-2007-1592", "CVE-2007-0958", "CVE-2007-0005", "CVE-2007-1000", "CVE-2007-0772", "CVE-2007-1217", "CVE-2004-1073", "CVE-2007-1388"], "lastseen": "2017-07-24T12:56:55"}, {"id": "OPENVAS:1361412562310122663", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0705", "description": "Oracle Linux Local Security Checks ELSA-2007-0705", "published": "2015-10-08T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122663", "cvelist": ["CVE-2007-2876", "CVE-2007-3739", "CVE-2007-3851", "CVE-2007-3843", "CVE-2007-2875", "CVE-2007-3740", "CVE-2007-2878", "CVE-2007-1217"], "lastseen": "2017-07-24T12:54:01"}, {"id": "OPENVAS:1361412562310830108", "type": "openvas", "title": "Mandriva Update for kernel MDKSA-2007:078 (kernel)", "description": "Check for the Version of kernel", "published": "2009-04-09T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830108", "cvelist": ["CVE-2006-6056", "CVE-2007-1592", "CVE-2007-0958", "CVE-2007-0005", "CVE-2007-1000", "CVE-2007-0772", "CVE-2007-1217", "CVE-2004-1073", "CVE-2007-1388"], "lastseen": "2018-04-09T11:40:56"}, {"id": "OPENVAS:840165", "type": "openvas", "title": "Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-470-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-470-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840165", "cvelist": ["CVE-2007-1353", "CVE-2007-2453", "CVE-2007-2451"], "lastseen": "2017-12-04T11:28:04"}, {"id": "OPENVAS:1361412562310122679", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0376", "description": "Oracle Linux Local Security Checks ELSA-2007-0376", "published": "2015-10-08T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122679", "cvelist": ["CVE-2007-1353", "CVE-2006-7203", "CVE-2007-2453", "CVE-2007-2525"], "lastseen": "2017-07-24T12:52:54"}, {"id": "OPENVAS:58528", "type": "openvas", "title": "Debian Security Advisory DSA 1356-1 (linux-2.6)", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1356-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58528", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-1353", "CVE-2007-3851", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-3642", "CVE-2007-2525"], "lastseen": "2017-07-24T12:50:25"}, {"id": "OPENVAS:840028", "type": "openvas", "title": "Ubuntu Update for linux-source-2.6.15 vulnerability USN-489-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-489-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840028", "cvelist": ["CVE-2007-2876", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-3380", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-2875", "CVE-2007-0005", "CVE-2006-4623", "CVE-2007-1861", "CVE-2007-1000", "CVE-2007-2878", "CVE-2007-2525"], "lastseen": "2017-12-04T11:28:09"}, {"id": "OPENVAS:850056", "type": "openvas", "title": "SuSE Update for kernel SUSE-SA:2007:035", "description": "Check for the Version of kernel", "published": "2009-01-28T00:00:00", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850056", "cvelist": ["CVE-2006-6535", "CVE-2007-1353", "CVE-2006-7203", "CVE-2006-6106", "CVE-2006-5754", "CVE-2007-1592", "CVE-2006-5871", "CVE-2006-5753", "CVE-2007-1357", "CVE-2006-2936", "CVE-2006-5749"], "lastseen": "2017-12-12T11:20:51"}, {"id": "OPENVAS:840134", "type": "openvas", "title": "Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-486-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-486-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840134", "cvelist": ["CVE-2007-2876", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2875", "CVE-2007-0005", "CVE-2007-1861", "CVE-2007-1000", "CVE-2007-2878", "CVE-2007-2525"], "lastseen": "2017-12-04T11:29:20"}], "osvdb": [{"id": "OSVDB:34742", "type": "osvdb", "title": "Linux Kernel libcapi capiutil.c bufprint Function CAPI Packet Local DoS", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408530\nVendor Specific News/Changelog Entry: http://bugzilla.kernel.org/show_bug.cgi?id=8028\n[Secunia Advisory ID:26709](https://secuniaresearch.flexerasoftware.com/advisories/26709/)\n[Secunia Advisory ID:26379](https://secuniaresearch.flexerasoftware.com/advisories/26379/)\n[Secunia Advisory ID:27528](https://secuniaresearch.flexerasoftware.com/advisories/27528/)\n[Secunia Advisory ID:24777](https://secuniaresearch.flexerasoftware.com/advisories/24777/)\n[Secunia Advisory ID:26478](https://secuniaresearch.flexerasoftware.com/advisories/26478/)\nRedHat RHSA: RHSA-2007:0774\nRedHat RHSA: RHSA-2007:0672\nRedHat RHSA: RHSA-2007:0671\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200704-23.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:078\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:078\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm\n[CVE-2007-1217 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1217>](https://vulners.com/cve/CVE-2007-1217 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1217>)\nBugtraq ID: 23333\n", "published": "2007-02-17T07:51:29", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/osvdb/OSVDB:34742", "cvelist": ["CVE-2007-1217 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1217>"], "lastseen": "2017-04-28T13:20:30"}, {"id": "OSVDB:34739", "type": "osvdb", "title": "Linux Kernel L2CAP / HCI Bluetooth copy_from_user Function Arbitrary Memory Disclosure", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3\n[Secunia Advisory ID:24976](https://secuniaresearch.flexerasoftware.com/advisories/24976/)\n[Secunia Advisory ID:25596](https://secuniaresearch.flexerasoftware.com/advisories/25596/)\n[Secunia Advisory ID:26133](https://secuniaresearch.flexerasoftware.com/advisories/26133/)\n[Secunia Advisory ID:26450](https://secuniaresearch.flexerasoftware.com/advisories/26450/)\n[Secunia Advisory ID:26379](https://secuniaresearch.flexerasoftware.com/advisories/26379/)\n[Secunia Advisory ID:25700](https://secuniaresearch.flexerasoftware.com/advisories/25700/)\n[Secunia Advisory ID:27528](https://secuniaresearch.flexerasoftware.com/advisories/27528/)\n[Secunia Advisory ID:25683](https://secuniaresearch.flexerasoftware.com/advisories/25683/)\n[Secunia Advisory ID:26289](https://secuniaresearch.flexerasoftware.com/advisories/26289/)\n[Secunia Advisory ID:26139](https://secuniaresearch.flexerasoftware.com/advisories/26139/)\n[Secunia Advisory ID:25838](https://secuniaresearch.flexerasoftware.com/advisories/25838/)\n[Secunia Advisory ID:26478](https://secuniaresearch.flexerasoftware.com/advisories/26478/)\nRedHat RHSA: RHSA-2007:0376\nRedHat RHSA: RHSA-2007:0672\nRedHat RHSA: RHSA-2007:0488\nRedHat RHSA: RHSA-2007:0671\nOther Advisory URL: http://www.ubuntu.com/usn/usn-470-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-486-1\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00004.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-489-1\nFrSIRT Advisory: ADV-2007-1495\n[CVE-2007-1353](https://vulners.com/cve/CVE-2007-1353)\nBugtraq ID: 23594\n", "published": "2007-04-22T12:18:26", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:34739", "cvelist": ["CVE-2007-1353"], "lastseen": "2017-04-28T13:20:30"}], "centos": [{"id": "CESA-2007:0671", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0671\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low) \r\n\r\nIn addition to the security issues described above, fixes for the following\r\nhave been included:\r\n\r\n* a race condition in the e1000 network driver that could cause ESB2\r\nsystems to be started without the RX unit being turned on. \r\n\r\n* a related e1000 bug on ESB2 systems that could cause rlogin to fail.\r\n\r\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\r\nin this erratum. \r\n\r\nNote: The kernel-unsupported package contains various drivers and modules\r\nthat are unsupported and therefore might contain security problems that\r\nhave not been addressed.\r\n\r\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their kernels\r\nto the packages associated with their machine architecture and\r\nconfigurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-August/014145.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-August/014146.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-August/014147.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-August/014148.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0671.html", "published": "2007-08-16T22:01:30", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-August/014145.html", "cvelist": ["CVE-2007-1353", "CVE-2007-1217"], "lastseen": "2017-10-12T14:46:08"}, {"id": "CESA-2007:0774", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0774\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential remote access. Exploitation would require\r\nthe attacker to be able to send arbitrary frames over the ISDN network to\r\nthe victim's machine. (CVE-2007-1217, Moderate) \r\n\r\n* a flaw in the perfmon subsystem on ia64 platforms that allowed a local\r\nuser to cause a denial of service. (CVE-2006-0558, Moderate)\r\n\r\nIn addition, the following bugs were addressed:\r\n\r\n* a panic after reloading of the LSI Fusion driver.\r\n\r\n* a vm performance problem was corrected by balancing inactive page lists.\r\n\r\n* added a nodirplus option to address NFSv3 performance issues with large\r\ndirectories.\r\n\r\n* changed the personality handling to disallow personality changes of\r\nsetuid and setgid binaries. This ensures they keep any randomization and\r\nExec-shield protection.\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014184.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014185.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014188.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014189.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0774.html", "published": "2007-09-07T08:36:09", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/014184.html", "cvelist": ["CVE-2006-0558", "CVE-2007-1217"], "lastseen": "2017-10-12T14:45:16"}, {"id": "CESA-2007:0672-01", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0672-01\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in IPv6 flow label handling that allowed a local user to cause a\r\ndenial of service (crash). (CVE-2007-1592, Important)\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\n* various flaws in the supported filesystems that allowed a local\r\nprivileged user to cause a denial of service. (CVE-2006-6054, CVE-2006-6058,\r\nLow)\r\n\r\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\r\nin this erratum.\r\n\r\nAll Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels\r\nto these updated packages, which contain backported fixes to correct these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-August/014139.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-debug\nkernel-doc\nkernel-enterprise\nkernel-headers\nkernel-smp\nkernel-source\nkernel-summit\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2007-08-09T04:54:35", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-August/014139.html", "cvelist": ["CVE-2006-6054", "CVE-2007-1353", "CVE-2007-1592", "CVE-2006-6058", "CVE-2007-1217"], "lastseen": "2018-01-25T11:02:45"}, {"id": "CESA-2007:0705", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0705\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the following security issues:\r\n\r\n* a flaw in the DRM driver for Intel graphics cards that allowed a local\r\nuser to access any part of the main memory. To access the DRM functionality\r\na user must have access to the X server which is granted through the\r\ngraphical login. This also only affected systems with an Intel 965 or later\r\ngraphic chipset. (CVE-2007-3851, Important)\r\n\r\n* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a\r\nlocal user to corrupt a kernel_dirent struct and cause a denial of service\r\n(system crash). (CVE-2007-2878, Important)\r\n\r\n* a flaw in the connection tracking support for SCTP that allowed a remote\r\nuser to cause a denial of service by dereferencing a NULL pointer.\r\n(CVE-2007-2876, Important)\r\n\r\n* flaw in the CIFS filesystem which could cause the umask values of a\r\nprocess to not be honored. This affected CIFS filesystems where the Unix\r\nextensions are supported. (CVE-2007-3740, Important)\r\n\r\n* a flaw in the stack expansion when using the hugetlb kernel on PowerPC\r\nsystems that allowed a local user to cause a denial of service.\r\n(CVE-2007-3739, Moderate)\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential remote access. Exploitation would require\r\nthe attacker to be able to send arbitrary frames over the ISDN network to\r\nthe victim's machine. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the cpuset support that allowed a local user to obtain\r\nsensitive information from kernel memory. To exploit this the cpuset\r\nfilesystem would have to already be mounted. (CVE-2007-2875, Moderate)\r\n\r\n* a flaw in the CIFS handling of the mount option \"sec=\" that didn't enable\r\nintegrity checking and didn't produce any error message. (CVE-2007-3843,\r\nLow)\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014196.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014197.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0705.html", "published": "2007-09-14T00:58:44", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/014197.html", "cvelist": ["CVE-2007-2876", "CVE-2007-3739", "CVE-2007-3851", "CVE-2007-3843", "CVE-2007-2875", "CVE-2007-3740", "CVE-2007-2878", "CVE-2007-1217"], "lastseen": "2017-10-03T18:25:44"}, {"id": "CESA-2007:0376", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0376\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the following security issues:\r\n\r\n* a flaw in the mount handling routine for 64-bit systems that allowed a\r\nlocal user to cause denial of service (CVE-2006-7203, Important).\r\n\r\n* a flaw in the PPP over Ethernet implementation that allowed a remote user\r\nto cause a denial of service (CVE-2007-2525, Important).\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak (CVE-2007-1353, Low).\r\n\r\n* a bug in the random number generator that prevented the manual seeding of\r\nthe entropy pool (CVE-2007-2453, Low).\r\n\r\nIn addition to the security issues described above, fixes for the following\r\nhave been included:\r\n\r\n* a race condition between ext3_link/unlink that could create an orphan\r\ninode list corruption.\r\n\r\n* a bug in the e1000 driver that could lead to a watchdog timeout panic.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013939.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013940.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0376.html", "published": "2007-06-15T23:44:48", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013940.html", "cvelist": ["CVE-2007-1353", "CVE-2006-7203", "CVE-2007-2453", "CVE-2007-2525"], "lastseen": "2017-10-03T18:24:50"}, {"id": "CESA-2007:0488", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0488\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the connection tracking support for SCTP that allowed a remote\r\nuser to cause a denial of service by dereferencing a NULL pointer.\r\n(CVE-2007-2876, Important)\r\n\r\n* a flaw in the mount handling routine for 64-bit systems that allowed a\r\nlocal user to cause denial of service (crash). (CVE-2006-7203, Important)\r\n\r\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an\r\nout-of-bounds access. (CVE-2007-2172, Important)\r\n\r\n* a flaw in the PPP over Ethernet implementation that allowed a local user\r\nto cause a denial of service (memory consumption) by creating a socket\r\nusing connect and then releasing it before the PPPIOCGCHAN ioctl has been\r\ncalled. (CVE-2007-2525, Important)\r\n\r\n* a flaw in the fput ioctl handling of 32-bit applications running on\r\n64-bit platforms that allowed a local user to cause a denial of service\r\n(panic). (CVE-2007-0773, Important)\r\n\r\n* a flaw in the NFS locking daemon that allowed a local user to cause\r\ndenial of service (deadlock). (CVE-2006-5158, Moderate)\r\n\r\n* a flaw in the sysfs_readdir function that allowed a local user to cause a\r\ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)\r\n\r\n* a flaw in the core-dump handling that allowed a local user to create core\r\ndumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) \r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\nIn addition, the following bugs were addressed:\r\n\r\n* the NFS could recurse on the same spinlock. Also, NFS, under certain\r\nconditions, did not completely clean up Posix locks on a file close,\r\nleading to mount failures.\r\n\r\n* the 32bit compatibility didn't return to userspace correct values for the\r\nrt_sigtimedwait system call.\r\n\r\n* the count for unused inodes could be incorrect at times, resulting in\r\ndirty data not being written to disk in a timely manner.\r\n\r\n* the cciss driver had an incorrect disk size calculation (off-by-one\r\nerror) which prevented disk dumps.\r\n\r\nRed Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel\r\nteam for reporting issues fixed in this erratum.\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013980.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013981.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/014010.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/014013.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0488.html", "published": "2007-06-26T23:50:36", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013980.html", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-0773", "CVE-2007-3104", "CVE-2006-5158", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-0958", "CVE-2007-2525"], "lastseen": "2017-10-12T14:45:16"}], "redhat": [{"id": "RHSA-2007:0774", "type": "redhat", "title": "(RHSA-2007:0774) Moderate: kernel security and bugfix update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential remote access. Exploitation would require\r\nthe attacker to be able to send arbitrary frames over the ISDN network to\r\nthe victim's machine. (CVE-2007-1217, Moderate) \r\n\r\n* a flaw in the perfmon subsystem on ia64 platforms that allowed a local\r\nuser to cause a denial of service. (CVE-2006-0558, Moderate)\r\n\r\nIn addition, the following bugs were addressed:\r\n\r\n* a panic after reloading of the LSI Fusion driver.\r\n\r\n* a vm performance problem was corrected by balancing inactive page lists.\r\n\r\n* added a nodirplus option to address NFSv3 performance issues with large\r\ndirectories.\r\n\r\n* changed the personality handling to disallow personality changes of\r\nsetuid and setgid binaries. This ensures they keep any randomization and\r\nExec-shield protection.\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.", "published": "2007-09-04T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0774", "cvelist": ["CVE-2006-0558", "CVE-2007-1217"], "lastseen": "2017-09-09T07:20:19"}, {"id": "RHSA-2007:0673", "type": "redhat", "title": "(RHSA-2007:0673) Important: kernel security update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in IPV6 flow label handling that allowed a local user to\r\ncause a denial of service (crash). (CVE-2007-1592, Important)\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\n* a flaw in the supported filesystems that allowed a local privileged user\r\nto cause a denial of service. (CVE-2006-6054, Low)\r\n\r\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\r\nin this erratum.\r\n\r\nAll Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels\r\nto these updated packages, which contain backported fixes to correct these\r\nissues.", "published": "2007-08-08T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0673", "cvelist": ["CVE-2006-6054", "CVE-2007-1217", "CVE-2007-1353", "CVE-2007-1592"], "lastseen": "2018-03-14T15:43:08"}, {"id": "RHSA-2007:0672", "type": "redhat", "title": "(RHSA-2007:0672) Important: kernel security update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in IPv6 flow label handling that allowed a local user to cause a\r\ndenial of service (crash). (CVE-2007-1592, Important)\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\n* various flaws in the supported filesystems that allowed a local\r\nprivileged user to cause a denial of service. (CVE-2006-6054, CVE-2006-6058,\r\nLow)\r\n\r\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\r\nin this erratum.\r\n\r\nAll Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels\r\nto these updated packages, which contain backported fixes to correct these\r\nissues.", "published": "2007-08-08T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0672", "cvelist": ["CVE-2006-6054", "CVE-2006-6058", "CVE-2007-1217", "CVE-2007-1353", "CVE-2007-1592"], "lastseen": "2018-03-14T15:43:10"}, {"id": "RHSA-2007:0705", "type": "redhat", "title": "(RHSA-2007:0705) Important: kernel security update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the following security issues:\r\n\r\n* a flaw in the DRM driver for Intel graphics cards that allowed a local\r\nuser to access any part of the main memory. To access the DRM functionality\r\na user must have access to the X server which is granted through the\r\ngraphical login. This also only affected systems with an Intel 965 or later\r\ngraphic chipset. (CVE-2007-3851, Important)\r\n\r\n* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a\r\nlocal user to corrupt a kernel_dirent struct and cause a denial of service\r\n(system crash). (CVE-2007-2878, Important)\r\n\r\n* a flaw in the connection tracking support for SCTP that allowed a remote\r\nuser to cause a denial of service by dereferencing a NULL pointer.\r\n(CVE-2007-2876, Important)\r\n\r\n* flaw in the CIFS filesystem which could cause the umask values of a\r\nprocess to not be honored. This affected CIFS filesystems where the Unix\r\nextensions are supported. (CVE-2007-3740, Important)\r\n\r\n* a flaw in the stack expansion when using the hugetlb kernel on PowerPC\r\nsystems that allowed a local user to cause a denial of service.\r\n(CVE-2007-3739, Moderate)\r\n\r\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\r\ndenial of service or potential remote access. Exploitation would require\r\nthe attacker to be able to send arbitrary frames over the ISDN network to\r\nthe victim's machine. (CVE-2007-1217, Moderate)\r\n\r\n* a flaw in the cpuset support that allowed a local user to obtain\r\nsensitive information from kernel memory. To exploit this the cpuset\r\nfilesystem would have to already be mounted. (CVE-2007-2875, Moderate)\r\n\r\n* a flaw in the CIFS handling of the mount option \"sec=\" that didn't enable\r\nintegrity checking and didn't produce any error message. (CVE-2007-3843,\r\nLow)\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain backported patches to correct these issues.", "published": "2007-09-13T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0705", "cvelist": ["CVE-2007-1217", "CVE-2007-2875", "CVE-2007-2876", "CVE-2007-2878", "CVE-2007-3739", "CVE-2007-3740", "CVE-2007-3843", "CVE-2007-3851"], "lastseen": "2017-09-09T07:19:49"}, {"id": "RHSA-2007:0376", "type": "redhat", "title": "(RHSA-2007:0376) Important: kernel security and bug fix update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the following security issues:\r\n\r\n* a flaw in the mount handling routine for 64-bit systems that allowed a\r\nlocal user to cause denial of service (CVE-2006-7203, Important).\r\n\r\n* a flaw in the PPP over Ethernet implementation that allowed a remote user\r\nto cause a denial of service (CVE-2007-2525, Important).\r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak (CVE-2007-1353, Low).\r\n\r\n* a bug in the random number generator that prevented the manual seeding of\r\nthe entropy pool (CVE-2007-2453, Low).\r\n\r\nIn addition to the security issues described above, fixes for the following\r\nhave been included:\r\n\r\n* a race condition between ext3_link/unlink that could create an orphan\r\ninode list corruption.\r\n\r\n* a bug in the e1000 driver that could lead to a watchdog timeout panic.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain backported patches to correct these issues.", "published": "2007-06-14T04:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0376", "cvelist": ["CVE-2006-7203", "CVE-2007-1353", "CVE-2007-2453", "CVE-2007-2525"], "lastseen": "2017-09-09T07:19:47"}, {"id": "RHSA-2007:0488", "type": "redhat", "title": "(RHSA-2007:0488) Important: kernel security update", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the connection tracking support for SCTP that allowed a remote\r\nuser to cause a denial of service by dereferencing a NULL pointer.\r\n(CVE-2007-2876, Important)\r\n\r\n* a flaw in the mount handling routine for 64-bit systems that allowed a\r\nlocal user to cause denial of service (crash). (CVE-2006-7203, Important)\r\n\r\n* a flaw in the IPv4 forwarding base that allowed a local user to cause an\r\nout-of-bounds access. (CVE-2007-2172, Important)\r\n\r\n* a flaw in the PPP over Ethernet implementation that allowed a local user\r\nto cause a denial of service (memory consumption) by creating a socket\r\nusing connect and then releasing it before the PPPIOCGCHAN ioctl has been\r\ncalled. (CVE-2007-2525, Important)\r\n\r\n* a flaw in the fput ioctl handling of 32-bit applications running on\r\n64-bit platforms that allowed a local user to cause a denial of service\r\n(panic). (CVE-2007-0773, Important)\r\n\r\n* a flaw in the NFS locking daemon that allowed a local user to cause\r\ndenial of service (deadlock). (CVE-2006-5158, Moderate)\r\n\r\n* a flaw in the sysfs_readdir function that allowed a local user to cause a\r\ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)\r\n\r\n* a flaw in the core-dump handling that allowed a local user to create core\r\ndumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) \r\n\r\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\r\ninformation leak. (CVE-2007-1353, Low)\r\n\r\nIn addition, the following bugs were addressed:\r\n\r\n* the NFS could recurse on the same spinlock. Also, NFS, under certain\r\nconditions, did not completely clean up Posix locks on a file close,\r\nleading to mount failures.\r\n\r\n* the 32bit compatibility didn't return to userspace correct values for the\r\nrt_sigtimedwait system call.\r\n\r\n* the count for unused inodes could be incorrect at times, resulting in\r\ndirty data not being written to disk in a timely manner.\r\n\r\n* the cciss driver had an incorrect disk size calculation (off-by-one\r\nerror) which prevented disk dumps.\r\n\r\nRed Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel\r\nteam for reporting issues fixed in this erratum.\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.", "published": "2007-06-25T04:00:00", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0488", "cvelist": ["CVE-2006-5158", "CVE-2006-7203", "CVE-2007-0773", "CVE-2007-0958", "CVE-2007-1353", "CVE-2007-2172", "CVE-2007-2525", "CVE-2007-2876", "CVE-2007-3104"], "lastseen": "2017-09-09T07:20:35"}], "oraclelinux": [{"id": "ELSA-2007-0774", "type": "oraclelinux", "title": "Moderate: kernel security and bugfix update ", "description": " [2.6.9-55.0.6.0.1]\n - fix entropy flag in bnx2 driver to generate entropy pool (John \n Sobecki) [orabug 5931647]\n - fix for nfs open call taking longer issue (Chuck Lever) orabug 5580407 \n bz [219412]\n - fix enomem due to larger mtu size page alloc (Zach Brown) orabug 5486128\n - fix per_cpu() api bug_on with rds (Zach Brown) orabug 5760648\n - limit nr_requests in cfq io scheduler ( Jens Axboe) bz 234278 orabug \n 5899829\n \n [2.6.9-55.0.6]\n -revert: autofs4 fix for race between mount and expire [248126]\n \n [2.6.9-55.0.4]\n -revert: add missing audit_notify_watch() to removexattr\n -autofs4: fix race between mount and expire (Ian Kent) [248126]\n \n [2.6.9-55.0.3]\n -Fix panic following reload of LSI Fusion driver (Chip Coldwell) [227451]\n -Fix buffer overflow in capi debug functions (Anton Arapov) [243257] \n {CVE-2007-1217}\n -add missing audit_notify_watch() to removexattr (Alexander Viro) [248126]\n -fix VM hangs by balancing inactive lists and setting better values for \n dirty limits (Larry Woodman) [248141]\n -nfs: add nordirplus option (Jeff Layton) [249848]\n -ia64: fix vmalloc perfmon crash (Luming Yu) [250199] {CVE-2006-0558}\n -fix stack randomization across suid/sgid exec (Ernie Petrides) [250200] ", "published": "2007-09-05T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0774.html", "cvelist": ["CVE-2006-0558", "CVE-2007-1217"], "lastseen": "2016-09-04T11:16:53"}, {"id": "ELSA-2007-0705", "type": "oraclelinux", "title": "Important: kernel security update ", "description": " [2.6.18-8.1.10.0.1.el5]\n - Fix bonding primary=ethX (Bert Barbe) [IT 101532] [ORA 5136660]\n - Add entropy module option to e1000/bnx2 (John Sobecki) [ORA 6045759]\n \n [2.6.18-8.1.10.el5]\n - [mm] Prevent the stack growth into hugetlb reserved regions (Konrad \n Rzeszutek) [253313] {CVE-2007-3739}\n \n [2.6.18-8.1.9.el5]\n - [misc] cpuset information leak (Prarit Bhargava ) [245773] {CVE-2007-2875}\n - [net] ip_conntrack_sctp: fix remotely triggerable panic (Don Howard ) \n [245774] {CVE-2007-2876}\n - [misc] Overflow in CAPI subsystem (Anton Arapov ) [232260] {CVE-2007-1217}\n - [CIFS] fix signing sec= mount options (Jeff Layton ) [253315] \n {CVE-2007-3843}\n - [CIFS] respect umask when unix extensions are enabled (Jeff Layton ) \n [253314] {CVE-2007-3740}\n - [misc] i915_dma: fix batch buffer security bit for i965 chipsets \n (Aristeu Rozanski ) [252305] {CVE-2007-3851}\n - [fs] - Move msdos compat ioctl to msdos dir (Eric Sandeen ) [253317]\n - [fs] - fix VFAT compat ioctls on 64-bit systems (Eric Sandeen ) \n [253317] {CVE-2007-2878} ", "published": "2007-09-14T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0705.html", "cvelist": ["CVE-2007-2876", "CVE-2007-3739", "CVE-2007-3851", "CVE-2007-3843", "CVE-2007-2875", "CVE-2007-3740", "CVE-2007-2878", "CVE-2007-1217"], "lastseen": "2016-09-04T11:16:21"}, {"id": "ELSA-2007-0376", "type": "oraclelinux", "title": "Important: kernel security and bug fix update ", "description": " [2.6.18-8.1.6.0.1.el5]\n -Fix bonding primary=ethX so it picks correct network (Bert Barbe) [IT \n 101532] [ORA 5136660]\n -Add entropy module option to e1000 (John Sobecki) [ORA 6045759]\n -Add entropy module option to bnx2 (John Sobecki) [ORA 6045759]\n \n [2.6.18.8-1.6.el5]\n - [bluetooth] close information leaks in setsockopt (Marcel Holtmann ) \n [241862]{CVE-2007-1353}\n - [net] fix memory leak in PPPoE (Neil Horman ) [241863] {CVE-2007-2525}\n - [random] fix seeding of dev/random (Aristeu Rozanski ) [241888]\n \n [2.6.18-8.1.5.el5]\n - [fs] prevent oops in compat_sys_mount (Jeff Layton ) [240456] \n {CVE-2006-7203}\n - [e1000] fix watchdog timeout panics (Andy Gospodarek ) [238048]\n - [ext3] return ENOENT from ext3_link when racing with unlink (Eric \n Sandeen ) [239787] ", "published": "2007-06-26T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0376.html", "cvelist": ["CVE-2007-1353", "CVE-2006-7203", "CVE-2007-2453", "CVE-2007-2525"], "lastseen": "2016-09-04T11:16:27"}, {"id": "ELSA-2007-0488", "type": "oraclelinux", "title": "Important: kernel security update ", "description": " [2.6.9-55.0.2.0.1]\n - fix entropy flag in bnx2 driver to generate entropy pool (John \n Sobecki) [orabug 5931647]\n - fix for nfs open call taking longer issue (Chuck Lever) orabug 5580407 \n bz [219412]\n - fix enomem due to larger mtu size page alloc (Zach Brown) orabug 5486128\n - fix per_cpu() api bug_on with rds (Zach Brown) orabug 5760648\n - limit nr_requests in cfq io scheduler ( Jens Axboe) bz 234278 orabug \n 5899829\n \n [2.6.9-55.0.2]\n -cciss: fix size calculation in diskdump (Bryn Reeves) [243902]\n \n [2.6.9-55.0.1]\n -fix kernel spinlock panic in nfs/inode.c (Peter Staubach) [240855]\n -fix core-dumping unreadable binaries via PT_INTERP (Eric Sandeen) \n [243256] {CVE-2007-0958}\n -nlm: when reclaiming locks, skip non-posix locks (Jeff Layton) [243251] \n {CVE-2006-5158}\n -add missing fput() in a 32-bit ioctl on 64-bit x86 systems (Jeff Burke) \n [243252] {CVE-2007-0773}\n -prevent oops in compat_sys_mount with NULL data pointer (Jeff Layton) \n [243263] {CVE-2006-7203}\n -fix 32bit-compat rt_sigtimedwait (Guy Streeter) [240458]\n -nfs: fix repeated NFS mount failures lead to kernel panic (Peter \n Staubach) [240851]\n -safely store sysfs inode nrs in the sysfs dirent (Eric Sandeen) [242558]\n -protect sysfs ->s_dentry w/ locking (Eric Sandeen) [242558]\n -fix nr_unused accounting (Eric Sandeen) [241784]\n -fix bluetooth setsockopt() information leaks (Don Howard) [243259] \n {CVE-2007-1353}\n -fix DoS in PPPOE (Neil Horman) [243262] {CVE-2007-2525}\n -fix out of bounds fib_probs access vulnerability (Neil Horman) [243261] \n {CVE-2007-2172}\n -ip_conntrack_sctp: fix remotely triggerable NULL ptr dereference (Don \n Howard) [243746] {CVE-2007-2876 ", "published": "2007-06-26T00:00:00", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0488.html", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-0773", "CVE-2007-3104", "CVE-2006-5158", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-0958", "CVE-2007-2525"], "lastseen": "2016-09-04T11:15:55"}], "ubuntu": [{"id": "USN-470-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "USN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. These changes have been reverted. We apologize for the inconvenience. For more information see: <https://launchpad.net/bugs/117314> <https://wiki.ubuntu.com/UsingUUID>\n\nIlja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)\n\nThe GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451)\n\nThe random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)", "published": "2007-06-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/470-1/", "cvelist": ["CVE-2007-1353", "CVE-2007-2453", "CVE-2007-2451"], "lastseen": "2018-03-29T18:18:55"}, {"id": "USN-486-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203)\n\nThe Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005)\n\nDue to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000)\n\nIlja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)\n\nA flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861)\n\nA flaw was discovered in the IPv6 stack\u2019s handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. (CVE-2007-2242)\n\nThe random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)\n\nA flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525)\n\nAn integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. (CVE-2007-2875)\n\nVilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. (CVE-2007-2876)\n\nLuca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878)", "published": "2007-07-18T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/486-1/", "cvelist": ["CVE-2007-2876", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2875", "CVE-2007-0005", "CVE-2007-1861", "CVE-2007-1000", "CVE-2007-2878", "CVE-2007-2525"], "lastseen": "2018-03-29T18:20:50"}, {"id": "USN-489-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "A flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service. (CVE-2006-4623)\n\nThe compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203)\n\nThe Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005)\n\nDue to an variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000)\n\nIlja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)\n\nA flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861)\n\nThe random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)\n\nA flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525)\n\nAn integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. (CVE-2007-2875)\n\nVilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. (CVE-2007-2876)\n\nLuca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878)\n\nA flaw was discovered in the cluster manager. A remote attacker could connect to the DLM port and block further DLM operations. (CVE-2007-3380)\n\nA flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. (CVE-2007-3513)", "published": "2007-07-19T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/489-1/", "cvelist": ["CVE-2007-2876", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-3380", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-2875", "CVE-2007-0005", "CVE-2006-4623", "CVE-2007-1861", "CVE-2007-1000", "CVE-2007-2878", "CVE-2007-2525"], "lastseen": "2018-03-29T18:18:01"}], "debian": [{"id": "DSA-1356", "type": "debian", "title": "linux-2.6 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-1353](<https://security-tracker.debian.org/tracker/CVE-2007-1353>)\n\nIlja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory.\n\n * [CVE-2007-2172](<https://security-tracker.debian.org/tracker/CVE-2007-2172>)\n\nThomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update.\n\n * [CVE-2007-2453](<https://security-tracker.debian.org/tracker/CVE-2007-2453>)\n\nA couple of issues with random number generation were discovered. Slightly less random numbers resulted from hashing a subset of the available entropy. Zero-entropy systems were seeded with the same inputs at boot time, resulting in repeatable series of random numbers.\n\n * [CVE-2007-2525](<https://security-tracker.debian.org/tracker/CVE-2007-2525>)\n\nFlorian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory.\n\n * [CVE-2007-2876](<https://security-tracker.debian.org/tracker/CVE-2007-2876>)\n\nVilmos Nebehaj discovered a NULL pointer dereference condition in the netfilter subsystem. This allows remote systems which communicate using the SCTP protocol to crash a system by creating a connection with an unknown chunk type.\n\n * [CVE-2007-3513](<https://security-tracker.debian.org/tracker/CVE-2007-3513>)\n\nOliver Neukum reported an issue in the usblcd driver which, by not limiting the size of write buffers, permits local users with write access to trigger a DoS by consuming all available memory.\n\n * [CVE-2007-3642](<https://security-tracker.debian.org/tracker/CVE-2007-3642>)\n\nZhongling Wen reported an issue in nf_conntrack_h323 where the lack of range checking may lead to NULL pointer dereferences. Remote attackers could exploit this to create a DoS condition (system crash).\n\n * [CVE-2007-3848](<https://security-tracker.debian.org/tracker/CVE-2007-3848>)\n\nWojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries.\n\n * [CVE-2007-3851](<https://security-tracker.debian.org/tracker/CVE-2007-3851>)\n\nDave Airlie reported that Intel 965 and above chipsets have relocated their batch buffer security bits. Local X server users may exploit this to write user data to arbitrary physical memory addresses.\n\nThese problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch1.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 4.0 (etch) \n---|--- \nfai-kernels | 1.17+etch4 \nuser-mode-linux | 2.6.18-1um-2etch3 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.", "published": "2007-08-15T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1356", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-1353", "CVE-2007-3851", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-3642", "CVE-2007-2525"], "lastseen": "2016-09-02T18:32:28"}, {"id": "DSA-1504", "type": "debian", "title": "kernel-source-2.6.8 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2006-5823](<https://security-tracker.debian.org/tracker/CVE-2006-5823>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem.\n\n * [CVE-2006-6054](<https://security-tracker.debian.org/tracker/CVE-2006-6054>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem.\n\n * [CVE-2006-6058](<https://security-tracker.debian.org/tracker/CVE-2006-6058>)\n\nLMH reported an issue in the minix filesystem that allows local users with mount privileges to create a DoS (printk flood) by mounting a specially crafted corrupt filesystem.\n\n * [CVE-2006-7203](<https://security-tracker.debian.org/tracker/CVE-2006-7203>)\n\nOpenVZ Linux kernel team reported an issue in the smbfs filesystem which can be exploited by local users to cause a DoS (oops) during mount.\n\n * [CVE-2007-1353](<https://security-tracker.debian.org/tracker/CVE-2007-1353>)\n\nIlja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory.\n\n * [CVE-2007-2172](<https://security-tracker.debian.org/tracker/CVE-2007-2172>)\n\nThomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update.\n\n * [CVE-2007-2525](<https://security-tracker.debian.org/tracker/CVE-2007-2525>)\n\nFlorian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory.\n\n * [CVE-2007-3105](<https://security-tracker.debian.org/tracker/CVE-2007-3105>)\n\nThe PaX Team discovered a potential buffer overflow in the random number generator which may permit local users to cause a denial of service or gain additional privileges. This issue is not believed to effect default Debian installations where only root has sufficient privileges to exploit it.\n\n * [CVE-2007-3739](<https://security-tracker.debian.org/tracker/CVE-2007-3739>)\n\nAdam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages.\n\n * [CVE-2007-3740](<https://security-tracker.debian.org/tracker/CVE-2007-3740>)\n\nSteve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions.\n\n * [CVE-2007-3848](<https://security-tracker.debian.org/tracker/CVE-2007-3848>)\n\nWojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries.\n\n * [CVE-2007-4133](<https://security-tracker.debian.org/tracker/CVE-2007-4133>)\n\nHugh Dickins discovered a potential local DoS (panic) in hugetlbfs. A misconversion of hugetlb_vmtruncate_list to prio_tree may allow local users to trigger a BUG_ON() call in exit_mmap.\n\n * [CVE-2007-4308](<https://security-tracker.debian.org/tracker/CVE-2007-4308>)\n\nAlan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges.\n\n * [CVE-2007-4573](<https://security-tracker.debian.org/tracker/CVE-2007-4573>)\n\nWojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavour.\n\n * [CVE-2007-5093](<https://security-tracker.debian.org/tracker/CVE-2007-5093>)\n\nAlex Smith discovered an issue with the pwc driver for certain webcam devices. If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince a user with local access to remove the device on their behalf.\n\n * [CVE-2007-6063](<https://security-tracker.debian.org/tracker/CVE-2007-6063>)\n\nVenustech AD-LAB discovered a a buffer overflow in the isdn ioctl handling, exploitable by a local user.\n\n * [CVE-2007-6151](<https://security-tracker.debian.org/tracker/CVE-2007-6151>)\n\nADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.\n\n * [CVE-2007-6206](<https://security-tracker.debian.org/tracker/CVE-2007-6206>)\n\nBlake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information.\n\n * [CVE-2007-6694](<https://security-tracker.debian.org/tracker/CVE-2007-6694>)\n\nCyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS).\n\n * [CVE-2008-0007](<https://security-tracker.debian.org/tracker/CVE-2008-0007>)\n\nNick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 3.1 (sarge) \n---|--- \nkernel-image-2.6.8-alpha | 2.6.8-17sarge1 \nkernel-image-2.6.8-amd64 | 2.6.8-17sarge1 \nkernel-image-2.6.8-hppa | 2.6.8-7sarge1 \nkernel-image-2.6.8-i386 | 2.6.8-17sarge1 \nkernel-image-2.6.8-ia64 | 2.6.8-15sarge1 \nkernel-image-2.6.8-m68k | 2.6.8-5sarge1 \nkernel-image-2.6.8-s390 | 2.6.8-6sarge1 \nkernel-image-2.6.8-sparc | 2.6.8-16sarge1 \nkernel-patch-powerpc-2.6.8 | 2.6.8-13sarge1 \nfai-kernels | 1.9.1sarge8 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.", "published": "2008-02-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1504", "cvelist": ["CVE-2007-4573", "CVE-2007-2172", "CVE-2006-6054", "CVE-2007-3848", "CVE-2007-3739", "CVE-2007-1353", "CVE-2006-7203", "CVE-2007-4133", "CVE-2007-3105", "CVE-2007-6151", "CVE-2007-5093", "CVE-2007-4308", "CVE-2008-0007", "CVE-2007-6206", "CVE-2007-3740", "CVE-2006-5823", "CVE-2007-6694", "CVE-2006-6058", "CVE-2007-2525", "CVE-2007-6063"], "lastseen": "2016-09-02T18:21:34"}, {"id": "DSA-1503", "type": "debian", "title": "kernel-source-2.4.27 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2004-2731](<https://security-tracker.debian.org/tracker/CVE-2004-2731>)\n\ninfamous41md reported multiple integer overflows in the Sbus PROM driver that would allow for a DoS (Denial of Service) attack by a local user, and possibly the execution of arbitrary code.\n\n * [CVE-2006-4814](<https://security-tracker.debian.org/tracker/CVE-2006-4814>)\n\nDoug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling.\n\n * [CVE-2006-5753](<https://security-tracker.debian.org/tracker/CVE-2006-5753>)\n\nEric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad.\n\n * [CVE-2006-5823](<https://security-tracker.debian.org/tracker/CVE-2006-5823>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem.\n\n * [CVE-2006-6053](<https://security-tracker.debian.org/tracker/CVE-2006-6053>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem.\n\n * [CVE-2006-6054](<https://security-tracker.debian.org/tracker/CVE-2006-6054>)\n\nLMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem.\n\n * [CVE-2006-6106](<https://security-tracker.debian.org/tracker/CVE-2006-6106>)\n\nMarcel Holtman discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code.\n\n * [CVE-2007-1353](<https://security-tracker.debian.org/tracker/CVE-2007-1353>)\n\nIlja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory.\n\n * [CVE-2007-1592](<https://security-tracker.debian.org/tracker/CVE-2007-1592>)\n\nMasayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops).\n\n * [CVE-2007-2172](<https://security-tracker.debian.org/tracker/CVE-2007-2172>)\n\nThomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update.\n\n * [CVE-2007-2525](<https://security-tracker.debian.org/tracker/CVE-2007-2525>)\n\nFlorian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory.\n\n * [CVE-2007-3848](<https://security-tracker.debian.org/tracker/CVE-2007-3848>)\n\nWojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries.\n\n * [CVE-2007-4308](<https://security-tracker.debian.org/tracker/CVE-2007-4308>)\n\nAlan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges.\n\n * [CVE-2007-4311](<https://security-tracker.debian.org/tracker/CVE-2007-4311>)\n\nPaX team discovered an issue in the random driver where a defect in the reseeding code leads to a reduction in entropy.\n\n * [CVE-2007-5093](<https://security-tracker.debian.org/tracker/CVE-2007-5093>)\n\nAlex Smith discovered an issue with the pwc driver for certain webcam devices. If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince a user with local access to remove the device on their behalf.\n\n * [CVE-2007-6063](<https://security-tracker.debian.org/tracker/CVE-2007-6063>)\n\nVenustech AD-LAB discovered a a buffer overflow in the isdn ioctl handling, exploitable by a local user.\n\n * [CVE-2007-6151](<https://security-tracker.debian.org/tracker/CVE-2007-6151>)\n\nADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.\n\n * [CVE-2007-6206](<https://security-tracker.debian.org/tracker/CVE-2007-6206>)\n\nBlake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information.\n\n * [CVE-2007-6694](<https://security-tracker.debian.org/tracker/CVE-2007-6694>)\n\nCyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS).\n\n * [CVE-2008-0007](<https://security-tracker.debian.org/tracker/CVE-2008-0007>)\n\nNick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code.\n\nThe following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:\n\n| Debian 3.1 (sarge) \n---|--- \nalsa-modules-i386 | 1.0.8+2sarge2 \nkernel-image-2.4.27-arm | 2.4.27-2sarge6 \nkernel-image-2.4.27-m68k | 2.4.27-3sarge6 \nkernel-image-speakup-i386 | 2.4.27-1.1sarge5 \nkernel-image-2.4.27-alpha | 2.4.27-10sarge6 \nkernel-image-2.4.27-s390 | 2.4.27-2sarge6 \nkernel-image-2.4.27-sparc | 2.4.27-9sarge6 \nkernel-image-2.4.27-i386 | 2.4.27-10sarge6 \nkernel-image-2.4.27-ia64 | 2.4.27-10sarge6 \nkernel-patch-2.4.27-mips | 2.4.27-10.sarge4.040815-3 \nkernel-patch-powerpc-2.4.27| 2.4.27-10sarge6 \nkernel-latest-2.4-alpha | 101sarge3 \nkernel-latest-2.4-i386 | 101sarge2 \nkernel-latest-2.4-s390 | 2.4.27-1sarge2 \nkernel-latest-2.4-sparc | 42sarge3 \ni2c | 1:2.9.1-1sarge2 \nlm-sensors | 1:2.9.1-1sarge4 \nmindi-kernel | 2.4.27-2sarge5 \npcmcia-modules-2.4.27-i386 | 3.2.5+2sarge2 \nhostap-modules-i386 | 1:0.3.7-1sarge3 \nsystemimager | 3.2.3-6sarge5 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.", "published": "2008-02-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1503", "cvelist": ["CVE-2007-2172", "CVE-2006-6054", "CVE-2007-3848", "CVE-2007-4311", "CVE-2007-1353", "CVE-2006-4814", "CVE-2007-6151", "CVE-2004-2731", "CVE-2006-6106", "CVE-2007-5093", "CVE-2007-4308", "CVE-2008-0007", "CVE-2007-1592", "CVE-2006-6053", "CVE-2007-6206", "CVE-2006-5753", "CVE-2006-5823", "CVE-2007-6694", "CVE-2007-2525", "CVE-2007-6063"], "lastseen": "2016-09-02T18:30:06"}], "suse": [{"id": "SUSE-SA:2007:035", "type": "suse", "title": "remote denial of service in kernel", "description": "This kernel update fixes the following security problems in our SUSE Linux Enterprise Server 9, Novell Linux Desktop 9 and Open Enterprise Server kernels.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-06-14T16:33:34", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00004.html", "cvelist": ["CVE-2006-6535", "CVE-2007-1353", "CVE-2006-7203", "CVE-2006-6106", "CVE-2006-5754", "CVE-2007-1592", "CVE-2006-5871", "CVE-2006-5753", "CVE-2007-1357", "CVE-2006-2936", "CVE-2006-5749"], "lastseen": "2016-09-04T11:50:35"}]}}
