what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2007-0005

Status Candidate

Overview

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

Related Files

Ubuntu Security Notice 489-1
Posted Jul 20, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 489-1 - A ridiculous amount of vulnerabilities in the Linux 2.6 kernel have been fixed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-4623, CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878, CVE-2007-3380, CVE-2007-3513
MD5 | 44760b5f718175c47aece71c76f178d5
Ubuntu Security Notice 486-1
Posted Jul 19, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 486-1 - The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878
MD5 | d1fbda39809930977b9a5d12439c40b2
Debian Linux Security Advisory 1286-1
Posted May 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1286-1 - Several local and remote vulnerabilities have been discovered in the Linux 2.6 kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2007-0005, CVE-2007-0958, CVE-2007-1357, CVE-2007-1592
MD5 | ff6e8f6c319b5a3037f40b63da55ff70
Mandriva Linux Security Advisory 2007.078
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Quite a few kernel related vulnerabilities have been fixed for the Linux 2.6 series.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2006-6056, CVE-2007-0005, CVE-2007-0772, CVE-2007-0958, CVE-2007-1000, CVE-2007-1217, CVE-2007-1388, CVE-2007-1592
MD5 | 3afceaa1b967983bc076986ed7c5b2d9
csa-driver.txt
Posted Mar 13, 2007
Authored by Daniel Roethlisberger | Site csnc.ch

COMPASS SECURITY ADVISORY - The Linux drivers for the Omnikey CardMan 4040 smartcard reader contains a buffer overflow vulnerability. Local attackers with direct or indirect write permissions to a cmx device file can execute arbitrary code with kernel privileges or may cause a denial of service condition. Proof of concept exploit included.

tags | exploit, denial of service, overflow, arbitrary, kernel, local, proof of concept
systems | linux
advisories | CVE-2007-0005
MD5 | 7dca159ebdcc3579a8aef062fa5d499b
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close