Vulnerabilities > CVE-2007-4574 - Local Denial Of Service vulnerability in Redhat Enterprise Linux 5.0

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

redhat

amd

intel

nessus

NVD

Published: 2007-10-23

Updated: 2017-09-29

Summary

Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 5.0	2
Hardware	Amd AMD Amd64 *	1
Hardware	Intel Intel Ia64 *	1

Nessus

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0940.NASL
description	From Red Hat Security Advisory 2007:0940 : Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * A flaw was found in the backported stack unwinder fixes in Red Hat Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could trigger this flaw and cause a denial of service. (CVE-2007-4574, Important) * A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. (CVE-2007-3848, Important) * A flaw was found in the Distributed Lock Manager (DLM) in the cluster manager. This allowed a remote user who is able to connect to the DLM port to cause a denial of service. (CVE-2007-3380, Important) * A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver which should otherwise be restricted to privileged users. (CVE-2007-4308, Moderate) * A flaw was found in the prio_tree handling of the hugetlb support that allowed a local user to cause a denial of service. This only affected kernels with hugetlb support. (CVE-2007-4133, Moderate) * A flaw was found in the eHCA driver on PowerPC architectures that allowed a local user to access 60k of physical address space. This address space could contain sensitive information. (CVE-2007-3850, Moderate) * A flaw was found in ptrace support that allowed a local user to cause a denial of service via a NULL pointer dereference. (CVE-2007-3731, Moderate) * A flaw was found in the usblcd driver that allowed a local user to cause a denial of service by writing data to the device node. To exploit this issue, write access to the device node was needed. (CVE-2007-3513, Moderate) * A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. If the root user raised the default wakeup threshold over the size of the output pool, this flaw could be exploited. (CVE-2007-3105, Low) In addition to the security issues described above, several bug fixes preventing possible system crashes and data corruption were also included. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67581
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67581
title	Oracle Linux 5 : kernel (ELSA-2007-0940)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0940.NASL
description	Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * A flaw was found in the backported stack unwinder fixes in Red Hat Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could trigger this flaw and cause a denial of service. (CVE-2007-4574, Important) * A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. (CVE-2007-3848, Important) * A flaw was found in the Distributed Lock Manager (DLM) in the cluster manager. This allowed a remote user who is able to connect to the DLM port to cause a denial of service. (CVE-2007-3380, Important) * A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver which should otherwise be restricted to privileged users. (CVE-2007-4308, Moderate) * A flaw was found in the prio_tree handling of the hugetlb support that allowed a local user to cause a denial of service. This only affected kernels with hugetlb support. (CVE-2007-4133, Moderate) * A flaw was found in the eHCA driver on PowerPC architectures that allowed a local user to access 60k of physical address space. This address space could contain sensitive information. (CVE-2007-3850, Moderate) * A flaw was found in ptrace support that allowed a local user to cause a denial of service via a NULL pointer dereference. (CVE-2007-3731, Moderate) * A flaw was found in the usblcd driver that allowed a local user to cause a denial of service by writing data to the device node. To exploit this issue, write access to the device node was needed. (CVE-2007-3513, Moderate) * A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. If the root user raised the default wakeup threshold over the size of the output pool, this flaw could be exploited. (CVE-2007-3105, Low) In addition to the security issues described above, several bug fixes preventing possible system crashes and data corruption were also included. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	43654
published	2010-01-06
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43654
title	CentOS 5 : kernel (CESA-2007:0940)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0940.NASL
description	Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * A flaw was found in the backported stack unwinder fixes in Red Hat Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could trigger this flaw and cause a denial of service. (CVE-2007-4574, Important) * A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. (CVE-2007-3848, Important) * A flaw was found in the Distributed Lock Manager (DLM) in the cluster manager. This allowed a remote user who is able to connect to the DLM port to cause a denial of service. (CVE-2007-3380, Important) * A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver which should otherwise be restricted to privileged users. (CVE-2007-4308, Moderate) * A flaw was found in the prio_tree handling of the hugetlb support that allowed a local user to cause a denial of service. This only affected kernels with hugetlb support. (CVE-2007-4133, Moderate) * A flaw was found in the eHCA driver on PowerPC architectures that allowed a local user to access 60k of physical address space. This address space could contain sensitive information. (CVE-2007-3850, Moderate) * A flaw was found in ptrace support that allowed a local user to cause a denial of service via a NULL pointer dereference. (CVE-2007-3731, Moderate) * A flaw was found in the usblcd driver that allowed a local user to cause a denial of service by writing data to the device node. To exploit this issue, write access to the device node was needed. (CVE-2007-3513, Moderate) * A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. If the root user raised the default wakeup threshold over the size of the output pool, this flaw could be exploited. (CVE-2007-3105, Low) In addition to the security issues described above, several bug fixes preventing possible system crashes and data corruption were also included. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27565
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27565
title	RHEL 5 : kernel (RHSA-2007:0940)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20071022_KERNEL_ON_SL5_X.NASL
description	These new kernel packages contain fixes for the following security issues : - A flaw was found in the backported stack unwinder fixes in Red Hat Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could trigger this flaw and cause a denial of service. (CVE-2007-4574, Important) - A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. (CVE-2007-3848, Important) - A flaw was found in the Distributed Lock Manager (DLM) in the cluster manager. This allowed a remote user who is able to connect to the DLM port to cause a denial of service. (CVE-2007-3380, Important) - A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver which should otherwise be restricted to privileged users. (CVE-2007-4308, Moderate) - A flaw was found in the prio_tree handling of the hugetlb support that allowed a local user to cause a denial of service. This only affected kernels with hugetlb support. (CVE-2007-4133, Moderate) - A flaw was found in the eHCA driver on PowerPC architectures that allowed a local user to access 60k of physical address space. This address space could contain sensitive information. (CVE-2007-3850, Moderate) - A flaw was found in ptrace support that allowed a local user to cause a denial of service via a NULL pointer dereference. (CVE-2007-3731, Moderate) - A flaw was found in the usblcd driver that allowed a local user to cause a denial of service by writing data to the device node. To exploit this issue, write access to the device node was needed. (CVE-2007-3513, Moderate) - A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. If the root user raised the default wakeup threshold over the size of the output pool, this flaw could be exploited. (CVE-2007-3105, Low) In addition to the security issues described above, several bug fixes preventing possible system crashes and data corruption were also included.
last seen	2020-06-01
modified	2020-06-02
plugin id	60272
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60272
title	Scientific Linux Security Update : kernel on SL5.x i386/x86_64

Oval

accepted

2013-04-29T04:07:42.278-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10681

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	308811
title	CVE-2007-3850 kernel LTC31426-4k page mapping support for userspace in 64k kernels

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

comment kernel earlier than 0:2.6.18-8.1.15.el5 is currently running
oval oval:com.redhat.rhsa:tst:20070940021
comment kernel earlier than 0:2.6.18-8.1.15.el5 is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20070940022

AND
comment kernel-doc is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940001
comment kernel-doc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314002

AND

comment kernel-xen-devel is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940003
comment kernel-xen-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314020

AND

comment kernel-headers is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940005
comment kernel-headers is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314006

AND
comment kernel is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940007
comment kernel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314008
AND
comment kernel-xen is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940009
comment kernel-xen is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314018
AND
comment kernel-devel is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940011
comment kernel-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314016

AND

comment kernel-PAE-devel is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940013
comment kernel-PAE-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314022

AND
comment kernel-PAE is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940015
comment kernel-PAE is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314024

AND

comment kernel-kdump-devel is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940017
comment kernel-kdump-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314012

AND
comment kernel-kdump is earlier than 0:2.6.18-8.1.15.el5
oval oval:com.redhat.rhsa:tst:20070940019
comment kernel-kdump is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314010

rhsa

id	RHSA-2007:0940
released	2007-10-22
severity	Important
title	RHSA-2007:0940: kernel security update (Important)

rpms

kernel-0:2.6.18-8.1.15.el5
kernel-PAE-0:2.6.18-8.1.15.el5
kernel-PAE-debuginfo-0:2.6.18-8.1.15.el5
kernel-PAE-devel-0:2.6.18-8.1.15.el5
kernel-debuginfo-0:2.6.18-8.1.15.el5
kernel-debuginfo-common-0:2.6.18-8.1.15.el5
kernel-devel-0:2.6.18-8.1.15.el5
kernel-doc-0:2.6.18-8.1.15.el5
kernel-headers-0:2.6.18-8.1.15.el5
kernel-kdump-0:2.6.18-8.1.15.el5
kernel-kdump-debuginfo-0:2.6.18-8.1.15.el5
kernel-kdump-devel-0:2.6.18-8.1.15.el5
kernel-xen-0:2.6.18-8.1.15.el5
kernel-xen-debuginfo-0:2.6.18-8.1.15.el5
kernel-xen-devel-0:2.6.18-8.1.15.el5

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References