ID CVE-2007-0006
Summary The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20
    cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20
  • Linux Kernel 2.6.20
    cpe:2.3:o:linux:linux_kernel:2.6.20
CVSS
Base: 1.9 (as of 06-02-2007 - 17:25)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-047.NASL
    description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem (CVE-2006-5701). The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption (CVE-2006-5823). The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors thatr trigger a null dereference (CVE-2007-0006). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. In addition to these security fixes, other fixes have been included such as : - New drivers: nozomi, UVC - Fixed SiS SATA support for chips on 966/968 bridges - Fixed issues in squashfs by updating to 3.2 (#27008) - Added support for SiS968 bridgest to the sis190 bridge - Fixed JMicron cable detection - Added /proc/config.gz support and enabled kexec on x86_64 - Other minor fixes To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24689
    published 2007-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24689
    title Mandrake Linux Security Advisory : kernel (MDKSA-2007:047)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0085.NASL
    description From Red Hat Security Advisory 2007:0085 : Updated kernel packages that fix two security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for two security issues : * a flaw in the key serial number collision avoidance algorithm of the keyctl subsystem that allowed a local user to cause a denial of service (CVE-2007-0006, Important) * a flaw in the file watch implementation of the audit subsystems that allowed a local user to cause a denial of service (panic). To exploit this flaw a privileged user must have previously created a watch for a file (CVE-2007-0001, Moderate) In addition to the security issues described above, a fix for the SCTP subsystem to address a system crash which may be experienced in Telco environments has been included. Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67456
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67456
    title Oracle Linux 4 : kernel (ELSA-2007-0085)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0085.NASL
    description Updated kernel packages that fix two security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for two security issues : * a flaw in the key serial number collision avoidance algorithm of the keyctl subsystem that allowed a local user to cause a denial of service (CVE-2007-0006, Important) * a flaw in the file watch implementation of the audit subsystems that allowed a local user to cause a denial of service (panic). To exploit this flaw a privileged user must have previously created a watch for a file (CVE-2007-0001, Moderate) In addition to the security issues described above, a fix for the SCTP subsystem to address a system crash which may be experienced in Telco environments has been included. Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24727
    published 2007-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24727
    title CentOS 4 : kernel (CESA-2007:0085)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-2705.NASL
    description This kernel update fixes the following security problems : - CVE-2006-5751: An integer overflow in the networking bridge ioctl starting with Kernel 2.6.7 could be used by local attackers to overflow kernel memory buffers and potentially escalate privileges [#222656] - CVE-2006-6106: Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field. [#227603] - CVE-2006-5749: The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux kernel does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. [#229619] - CVE-2006-5753: Unspecified vulnerability in the listxattr system call in Linux kernel, when a 'bad inode' is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges. [#230270] - CVE-2007-0006: The key serial number collision avoidance code in the key_alloc_serial function allows local users to cause a denial of service (crash) via vectors that trigger a null dereference. [#243003] - CVE-2007-0772: A remote denial of service problem on NFSv2 mounts with ACL enabled was fixed. [#244909] Furthermore, it catches up to the mainline kernel, version 2.6.18.8, and contains a large number of additional fixes for non security bugs.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27293
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27293
    title openSUSE 10 Security Update : kernel (kernel-2705)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0085.NASL
    description Updated kernel packages that fix two security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for two security issues : * a flaw in the key serial number collision avoidance algorithm of the keyctl subsystem that allowed a local user to cause a denial of service (CVE-2007-0006, Important) * a flaw in the file watch implementation of the audit subsystems that allowed a local user to cause a denial of service (panic). To exploit this flaw a privileged user must have previously created a watch for a file (CVE-2007-0001, Moderate) In addition to the security issues described above, a fix for the SCTP subsystem to address a system crash which may be experienced in Telco environments has been included. Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24724
    published 2007-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24724
    title RHEL 4 : kernel (RHSA-2007:0085)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0099.NASL
    description Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the key serial number collision avoidance algorithm of the keyctl subsystem that allowed a local user to cause a denial of service (CVE-2007-0006, Important) * a flaw in the Omnikey CardMan 4040 driver that allowed a local user to execute arbitrary code with kernel privileges. In order to exploit this issue, the Omnikey CardMan 4040 PCMCIA card must be present and the local user must have access rights to the character device created by the driver. (CVE-2007-0005, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) In addition to the security issues described above, a fix for a kernel panic in the powernow-k8 module, and a fix for a kernel panic when booting the Xen domain-0 on system with large memory installations have been included. Red Hat would like to thank Daniel Roethlisberger for reporting an issue fixed in this erratum. Red Hat Enterprise Linux 5 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25319
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25319
    title RHEL 5 : kernel (RHSA-2007:0099)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-451-1.NASL
    description The kernel key management code did not correctly handle key reuse. A local attacker could create many key requests, leading to a denial of service. (CVE-2007-0006) The kernel NFS code did not correctly validate NFSACL2 ACCESS requests. If a system was serving NFS mounts, a remote attacker could send a specially crafted packet, leading to a denial of service. (CVE-2007-0772) When dumping core, the kernel did not correctly handle PT_INTERP processes. A local attacker could create situations where they could read the contents of otherwise unreadable executable programs. (CVE-2007-0958). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28048
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28048
    title Ubuntu 6.06 LTS / 6.10 : linux-source-2.6.15/2.6.17 vulnerabilities (USN-451-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-060.NASL
    description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms would allow a local user to cause a DoS (crash) via a malformed ELF file (CVE-2006-4538). The mincore function in the Linux kernel did not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock (CVE-2006-4814). An unspecified vulnerability in the listxattr system call, when a 'bad inode' is present, could allow a local user to cause a DoS (data corruption) and possibly gain privileges via unknown vectors (CVE-2006-5753). The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption (CVE-2006-5823). The ext3fs_dirhash function could allow local users to cause a DoS (crash) via an ext3 stream with malformed data structures (CVE-2006-6053). When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer derefernece (CVE-2006-6056). The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors thatr trigger a null dereference (CVE-2007-0006). The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that triggered a free of an incorrect pointer (CVE-2007-0772). A local user could read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump; a variant of CVE-2004-1073 (CVE-2007-0958). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. In addition to these security fixes, other fixes have been included such as : - add PCI IDs for cciss driver (HP ML370G5 / DL360G5) - fixed a mssive SCSI reset on megasas (Dell PE2960) - increased port-reset completion delay for HP controllers (HP ML350) - NUMA rnage fixes for x86_64 - various netfilter fixes To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 24810
    published 2007-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24810
    title Mandrake Linux Security Advisory : kernel (MDKSA-2007:060)
oval via4
accepted 2013-04-29T04:22:35.392-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
family unix
id oval:org.mitre.oval:def:9829
status accepted
submitted 2010-07-09T03:56:16-04:00
title The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
version 24
redhat via4
advisories
  • bugzilla
    id 227495
    title CVE-2007-0006 Key serial number collision problem
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085002
        • comment kernel is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304003
      • AND
        • comment kernel-devel is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085004
        • comment kernel-devel is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304005
      • AND
        • comment kernel-doc is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085018
        • comment kernel-doc is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304023
      • AND
        • comment kernel-hugemem is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085014
        • comment kernel-hugemem is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304021
      • AND
        • comment kernel-hugemem-devel is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085016
        • comment kernel-hugemem-devel is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304019
      • AND
        • comment kernel-largesmp is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085012
        • comment kernel-largesmp is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304017
      • AND
        • comment kernel-largesmp-devel is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085008
        • comment kernel-largesmp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304013
      • AND
        • comment kernel-smp is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085006
        • comment kernel-smp is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304009
      • AND
        • comment kernel-smp-devel is earlier than 0:2.6.9-42.0.10.EL
          oval oval:com.redhat.rhsa:tst:20070085010
        • comment kernel-smp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhba:tst:20070304015
    rhsa
    id RHSA-2007:0085
    released 2007-02-27
    severity Important
    title RHSA-2007:0085: kernel security update (Important)
  • rhsa
    id RHSA-2007:0099
rpms
  • kernel-0:2.6.9-42.0.10.EL
  • kernel-devel-0:2.6.9-42.0.10.EL
  • kernel-doc-0:2.6.9-42.0.10.EL
  • kernel-hugemem-0:2.6.9-42.0.10.EL
  • kernel-hugemem-devel-0:2.6.9-42.0.10.EL
  • kernel-largesmp-0:2.6.9-42.0.10.EL
  • kernel-largesmp-devel-0:2.6.9-42.0.10.EL
  • kernel-smp-0:2.6.9-42.0.10.EL
  • kernel-smp-devel-0:2.6.9-42.0.10.EL
  • kernel-0:2.6.18-8.1.1.el5
  • kernel-PAE-0:2.6.18-8.1.1.el5
  • kernel-PAE-devel-0:2.6.18-8.1.1.el5
  • kernel-devel-0:2.6.18-8.1.1.el5
  • kernel-doc-0:2.6.18-8.1.1.el5
  • kernel-headers-0:2.6.18-8.1.1.el5
  • kernel-kdump-0:2.6.18-8.1.1.el5
  • kernel-kdump-devel-0:2.6.18-8.1.1.el5
  • kernel-xen-0:2.6.18-8.1.1.el5
  • kernel-xen-devel-0:2.6.18-8.1.1.el5
refmap via4
bid 22539
bugtraq 20070615 rPSA-2007-0124-1 kernel xen
confirm
mandriva
  • MDKSA-2007:047
  • MDKSA-2007:060
secunia
  • 24109
  • 24259
  • 24300
  • 24429
  • 24482
  • 24547
  • 24752
  • 25691
suse SUSE-SA:2007:021
ubuntu USN-451-1
Last major update 15-09-2010 - 00:00
Published 06-02-2007 - 14:28
Last modified 10-10-2017 - 21:31
Back to Top