exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2007-2172

Status Candidate

Overview

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

Related Files

Debian Linux Security Advisory 1503-2
Posted Mar 12, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1503-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2004-2731, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6106, CVE-2007-1353, CVE-2007-1592, CVE-2007-2172, CVE-2007-2525, CVE-2007-3848, CVE-2007-4308, CVE-2007-4311, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206
SHA-256 | 602da77c5b44f4181dfa36960a7570c87107eb6246c70e7a244984342052d16e
dsa-1504.txt
Posted Feb 23, 2008
Site debian.org

Debian Security Advisory 1504 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2006-5823, CVE-2006-6054, CVE-2006-6058, CVE-2006-7203, CVE-2007-1353, CVE-2007-2172, CVE-2007-2525, CVE-2007-3105, CVE-2007-3739, CVE-2007-3740, CVE-2007-3848, CVE-2007-4133, CVE-2007-4308, CVE-2007-4573, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206
SHA-256 | d9234e89f15889ca0ed30e9932d41bab7de4afb38fb3aa7aca4a51d6e95b9ab4
dsa-1503.txt
Posted Feb 23, 2008
Site debian.org

Debian Security Advisory 1503 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2004-2731, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6106, CVE-2007-1353, CVE-2007-1592, CVE-2007-2172, CVE-2007-2525, CVE-2007-3848, CVE-2007-4308, CVE-2007-4311, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206
SHA-256 | ca21d0f18806b9246b54ef9e7a73dafa480db06ba59e7da8217f46ad1652f53e
Mandriva Linux Security Advisory 2007.216
Posted Nov 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - About a half dozen vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from buffer overflows to denial of service flaws.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2172, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-3105, CVE-2007-4133
SHA-256 | 7d892c5c690906c9b13cf117500d7b5bf675ad403373a51160861752f86b5ac0
Mandriva Linux Security Advisory 2007.196
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode. The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments. A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which lead to an out of bounds access by certain functions. The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers. The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source. A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference. A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size. The lcd_write function did not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero extend the eax register after the 32bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, root, protocol, memory leak
systems | linux, mandriva
advisories | CVE-2006-7203, CVE-2007-1497, CVE-2007-2172, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-3105, CVE-2007-3513, CVE-2007-3848, CVE-2007-4308, CVE-2007-4573
SHA-256 | 64832840334304a0ea0bb133dcd8a2e85f8bbea606fab02ea59dc6a77f2fed01
Debian Linux Security Advisory 1363-1
Posted Sep 5, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1363-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2007-2172, CVE-2007-2875, CVE-2007-3105, CVE-2007-3843, CVE-2007-4308
SHA-256 | d5972fd85fbf1afaad38fdca77c8deaa6dfbbe2c955a9fdc5c8d980656e91d62
Mandriva Linux Security Advisory 2007.171
Posted Aug 29, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Some vulnerabilities have been discovered and corrected in the Linux 2.6 kernel.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2006-5755, CVE-2006-7203, CVE-2007-1496, CVE-2007-1497, CVE-2007-1861, CVE-2007-2172, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876
SHA-256 | bd907ca4046ec2b9bc817fc56fcfddf665817aff608e918a3d9bab59365e0a2c
Debian Linux Security Advisory 1356-1
Posted Aug 16, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1356-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2007-1353, CVE-2007-2172, CVE-2007-2453, CVE-2007-2525, CVE-2007-2876, CVE-2007-3513, CVE-2007-3642, CVE-2007-3848, CVE-2007-3851
SHA-256 | c53758ac8c375ec24755f85ab0df04f7bfb5b29732320b29f3d4926757945636
Ubuntu Security Notice 464-1
Posted May 30, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 464-1 - Multiple vulnerabilities have been patched against in the Linux kernel. Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. Gabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verify option values for IPV6_RTHDR. A local attacker could exploit this to trigger a kernel crash. A Denial of Service vulnerability was discovered in the nfnetlink_log() netfilter function. A remote attacker could exploit this to trigger a kernel crash. The connection tracking module for IPv6 did not properly handle the status field when reassembling fragmented packets, so that the final packet always had the 'established' state. A remote attacker could exploit this to bypass intended firewall rules. Masayuki Nakagawa discovered an error in the flowlabel handling of IPv6 network sockets. A local attacker could exploit this to crash the kernel. The do_dccp_getsockopt() function did not sufficiently verify the optlen argument. A local attacker could exploit this to read kernel memory (which might expose sensitive data) or cause a kernel crash. This only affects Ubuntu 7.04. The IPv4 and DECnet network protocol handlers incorrectly declared an array variable so that it became smaller than intended. By sending crafted packets over a netlink socket, a local attacker could exploit this to crash the kernel.

tags | advisory, remote, denial of service, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2007-1357, CVE-2007-1388, CVE-2007-1496, CVE-2007-1497, CVE-2007-1592, CVE-2007-1730, CVE-2007-2172
SHA-256 | 5ce50556e7095fc936bee41e30d6ea94c9ff6bd833408e463221176b94a11444
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close