ID CVE-2007-1861
Summary The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.
References
Vulnerable Configurations
  • Linux Kernel 2.6.0
    cpe:2.3:o:linux:linux_kernel:2.6.0
  • Linux Kernel 2.6.1
    cpe:2.3:o:linux:linux_kernel:2.6.1
  • Linux Kernel 2.6.2
    cpe:2.3:o:linux:linux_kernel:2.6.2
  • Linux Kernel 2.6.3
    cpe:2.3:o:linux:linux_kernel:2.6.3
  • Linux Kernel 2.6.4
    cpe:2.3:o:linux:linux_kernel:2.6.4
  • Linux Kernel 2.6.5
    cpe:2.3:o:linux:linux_kernel:2.6.5
  • Linux Kernel 2.6.6
    cpe:2.3:o:linux:linux_kernel:2.6.6
  • Linux Kernel 2.6.7
    cpe:2.3:o:linux:linux_kernel:2.6.7
  • Linux Kernel 2.6.8
    cpe:2.3:o:linux:linux_kernel:2.6.8
  • Linux Kernel 2.6.8.1
    cpe:2.3:o:linux:linux_kernel:2.6.8.1
  • Linux Kernel 2.6.9
    cpe:2.3:o:linux:linux_kernel:2.6.9
  • Linux Kernel 2.6.10
    cpe:2.3:o:linux:linux_kernel:2.6.10
  • Linux Kernel 2.6.11
    cpe:2.3:o:linux:linux_kernel:2.6.11
  • Linux Kernel 2.6.11.1
    cpe:2.3:o:linux:linux_kernel:2.6.11.1
  • Linux Kernel 2.6.11.2
    cpe:2.3:o:linux:linux_kernel:2.6.11.2
  • Linux Kernel 2.6.11.3
    cpe:2.3:o:linux:linux_kernel:2.6.11.3
  • Linux Kernel 2.6.11.4
    cpe:2.3:o:linux:linux_kernel:2.6.11.4
  • Linux Kernel 2.6.11.5
    cpe:2.3:o:linux:linux_kernel:2.6.11.5
  • Linux Kernel 2.6.11.6
    cpe:2.3:o:linux:linux_kernel:2.6.11.6
  • Linux Kernel 2.6.11.10
    cpe:2.3:o:linux:linux_kernel:2.6.11.10
  • Linux Kernel 2.6.11.11
    cpe:2.3:o:linux:linux_kernel:2.6.11.11
  • Linux Kernel 2.6.11.12
    cpe:2.3:o:linux:linux_kernel:2.6.11.12
  • Linux Kernel 2.6.12
    cpe:2.3:o:linux:linux_kernel:2.6.12
  • Linux Kernel 2.6.12.1
    cpe:2.3:o:linux:linux_kernel:2.6.12.1
  • Linux Kernel 2.6.12.2
    cpe:2.3:o:linux:linux_kernel:2.6.12.2
  • Linux Kernel 2.6.12.3
    cpe:2.3:o:linux:linux_kernel:2.6.12.3
  • Linux Kernel 2.6.12.4
    cpe:2.3:o:linux:linux_kernel:2.6.12.4
  • Linux Kernel 2.6.12.5
    cpe:2.3:o:linux:linux_kernel:2.6.12.5
  • Linux Kernel 2.6.12.6
    cpe:2.3:o:linux:linux_kernel:2.6.12.6
  • Linux Kernel 2.6.13
    cpe:2.3:o:linux:linux_kernel:2.6.13
  • Linux Kernel 2.6.13.1
    cpe:2.3:o:linux:linux_kernel:2.6.13.1
  • Linux Kernel 2.6.13.2
    cpe:2.3:o:linux:linux_kernel:2.6.13.2
  • Linux Kernel 2.6.13.3
    cpe:2.3:o:linux:linux_kernel:2.6.13.3
  • Linux Kernel 2.6.13.4
    cpe:2.3:o:linux:linux_kernel:2.6.13.4
  • Linux Kernel 2.6.13.5
    cpe:2.3:o:linux:linux_kernel:2.6.13.5
  • Linux Kernel 2.6.14
    cpe:2.3:o:linux:linux_kernel:2.6.14
  • Linux Kernel 2.6.14.1
    cpe:2.3:o:linux:linux_kernel:2.6.14.1
  • Linux Kernel 2.6.14.2
    cpe:2.3:o:linux:linux_kernel:2.6.14.2
  • Linux Kernel 2.6.14.3
    cpe:2.3:o:linux:linux_kernel:2.6.14.3
  • Linux Kernel 2.6.14.4
    cpe:2.3:o:linux:linux_kernel:2.6.14.4
  • Linux Kernel 2.6.14.5
    cpe:2.3:o:linux:linux_kernel:2.6.14.5
  • Linux Kernel 2.6.14.6
    cpe:2.3:o:linux:linux_kernel:2.6.14.6
  • Linux Kernel 2.6.14.7
    cpe:2.3:o:linux:linux_kernel:2.6.14.7
  • Linux Kernel 2.6.15
    cpe:2.3:o:linux:linux_kernel:2.6.15
  • Linux Kernel 2.6.15.1
    cpe:2.3:o:linux:linux_kernel:2.6.15.1
  • Linux Kernel 2.6.15.2
    cpe:2.3:o:linux:linux_kernel:2.6.15.2
  • Linux Kernel 2.6.15.3
    cpe:2.3:o:linux:linux_kernel:2.6.15.3
  • Linux Kernel 2.6.15.4
    cpe:2.3:o:linux:linux_kernel:2.6.15.4
  • Linux Kernel 2.6.15.5
    cpe:2.3:o:linux:linux_kernel:2.6.15.5
  • Linux Kernel 2.6.15.6
    cpe:2.3:o:linux:linux_kernel:2.6.15.6
  • Linux Kernel 2.6.15.7
    cpe:2.3:o:linux:linux_kernel:2.6.15.7
  • Linux Kernel 2.6.16
    cpe:2.3:o:linux:linux_kernel:2.6.16
  • Linux Kernel 2.6.16.1
    cpe:2.3:o:linux:linux_kernel:2.6.16.1
  • Linux Kernel 2.6.16.2
    cpe:2.3:o:linux:linux_kernel:2.6.16.2
  • Linux Kernel 2.6.16.3
    cpe:2.3:o:linux:linux_kernel:2.6.16.3
  • Linux Kernel 2.6.16.4
    cpe:2.3:o:linux:linux_kernel:2.6.16.4
  • Linux Kernel 2.6.16.5
    cpe:2.3:o:linux:linux_kernel:2.6.16.5
  • Linux Kernel 2.6.16.6
    cpe:2.3:o:linux:linux_kernel:2.6.16.6
  • Linux Kernel 2.6.16.7
    cpe:2.3:o:linux:linux_kernel:2.6.16.7
  • Linux Kernel 2.6.16.8
    cpe:2.3:o:linux:linux_kernel:2.6.16.8
  • Linux Kernel 2.6.16.9
    cpe:2.3:o:linux:linux_kernel:2.6.16.9
  • Linux Kernel 2.6.16.10
    cpe:2.3:o:linux:linux_kernel:2.6.16.10
  • Linux Kernel 2.6.16.11
    cpe:2.3:o:linux:linux_kernel:2.6.16.11
  • Linux Kernel 2.6.16.12
    cpe:2.3:o:linux:linux_kernel:2.6.16.12
  • Linux Kernel 2.6.16.13
    cpe:2.3:o:linux:linux_kernel:2.6.16.13
  • Linux Kernel 2.6.16.14
    cpe:2.3:o:linux:linux_kernel:2.6.16.14
  • Linux Kernel 2.6.16.15
    cpe:2.3:o:linux:linux_kernel:2.6.16.15
  • Linux Kernel 2.6.16.16
    cpe:2.3:o:linux:linux_kernel:2.6.16.16
  • Linux Kernel 2.6.16.17
    cpe:2.3:o:linux:linux_kernel:2.6.16.17
  • Linux Kernel 2.6.16.18
    cpe:2.3:o:linux:linux_kernel:2.6.16.18
  • Linux Kernel 2.6.16.19
    cpe:2.3:o:linux:linux_kernel:2.6.16.19
  • Linux Kernel 2.6.16.20
    cpe:2.3:o:linux:linux_kernel:2.6.16.20
  • Linux Kernel 2.6.16.21
    cpe:2.3:o:linux:linux_kernel:2.6.16.21
  • Linux Kernel 2.6.16.22
    cpe:2.3:o:linux:linux_kernel:2.6.16.22
  • Linux Kernel 2.6.16.23
    cpe:2.3:o:linux:linux_kernel:2.6.16.23
  • Linux Kernel 2.6.16.24
    cpe:2.3:o:linux:linux_kernel:2.6.16.24
  • Linux Kernel 2.6.16.25
    cpe:2.3:o:linux:linux_kernel:2.6.16.25
  • Linux Kernel 2.6.16.26
    cpe:2.3:o:linux:linux_kernel:2.6.16.26
  • Linux Kernel 2.6.16.27
    cpe:2.3:o:linux:linux_kernel:2.6.16.27
  • Linux Kernel 2.6.16.28
    cpe:2.3:o:linux:linux_kernel:2.6.16.28
  • Linux Kernel 2.6.16.29
    cpe:2.3:o:linux:linux_kernel:2.6.16.29
  • Linux Kernel 2.6.16.30
    cpe:2.3:o:linux:linux_kernel:2.6.16.30
  • Linux Kernel 2.6.16.31
    cpe:2.3:o:linux:linux_kernel:2.6.16.31
  • Linux Kernel 2.6.16.32
    cpe:2.3:o:linux:linux_kernel:2.6.16.32
  • Linux Kernel 2.6.16.33
    cpe:2.3:o:linux:linux_kernel:2.6.16.33
  • Linux Kernel 2.6.16.34
    cpe:2.3:o:linux:linux_kernel:2.6.16.34
  • Linux Kernel 2.6.16.35
    cpe:2.3:o:linux:linux_kernel:2.6.16.35
  • Linux Kernel 2.6.16.36
    cpe:2.3:o:linux:linux_kernel:2.6.16.36
  • Linux Kernel 2.6.16.37
    cpe:2.3:o:linux:linux_kernel:2.6.16.37
  • Linux Kernel 2.6.16.38
    cpe:2.3:o:linux:linux_kernel:2.6.16.38
  • Linux Kernel 2.6.16.39
    cpe:2.3:o:linux:linux_kernel:2.6.16.39
  • Linux Kernel 2.6.16.40
    cpe:2.3:o:linux:linux_kernel:2.6.16.40
  • Linux Kernel 2.6.16.41
    cpe:2.3:o:linux:linux_kernel:2.6.16.41
  • Linux Kernel 2.6.16.42
    cpe:2.3:o:linux:linux_kernel:2.6.16.42
  • Linux Kernel 2.6.16.43
    cpe:2.3:o:linux:linux_kernel:2.6.16.43
  • Linux Kernel 2.6.16.44
    cpe:2.3:o:linux:linux_kernel:2.6.16.44
  • Linux Kernel 2.6.16.45
    cpe:2.3:o:linux:linux_kernel:2.6.16.45
  • Linux Kernel 2.6.16.46
    cpe:2.3:o:linux:linux_kernel:2.6.16.46
  • Linux Kernel 2.6.16.47
    cpe:2.3:o:linux:linux_kernel:2.6.16.47
  • Linux Kernel 2.6.16.48
    cpe:2.3:o:linux:linux_kernel:2.6.16.48
  • Linux Kernel 2.6.16.49
    cpe:2.3:o:linux:linux_kernel:2.6.16.49
  • Linux Kernel 2.6.16.50
    cpe:2.3:o:linux:linux_kernel:2.6.16.50
  • Linux Kernel 2.6.16.51
    cpe:2.3:o:linux:linux_kernel:2.6.16.51
  • Linux Kernel 2.6.16.52
    cpe:2.3:o:linux:linux_kernel:2.6.16.52
  • Linux Kernel 2.6.16.53
    cpe:2.3:o:linux:linux_kernel:2.6.16.53
  • Linux Kernel 2.6.16.54
    cpe:2.3:o:linux:linux_kernel:2.6.16.54
  • Linux Kernel 2.16.55
    cpe:2.3:o:linux:linux_kernel:2.6.16.55
  • Linux Kernel 2.6.16.56
    cpe:2.3:o:linux:linux_kernel:2.6.16.56
  • Linux Kernel 2.6.16.57
    cpe:2.3:o:linux:linux_kernel:2.6.16.57
  • Linux Kernel 2.6.16.58
    cpe:2.3:o:linux:linux_kernel:2.6.16.58
  • Linux Kernel 2.6.16.59
    cpe:2.3:o:linux:linux_kernel:2.6.16.59
  • Linux Kernel 2.6.16.60
    cpe:2.3:o:linux:linux_kernel:2.6.16.60
  • Linux Kernel 2.6.16.61
    cpe:2.3:o:linux:linux_kernel:2.6.16.61
  • Linux Kernel 2.6.16.62
    cpe:2.3:o:linux:linux_kernel:2.6.16.62
  • Linux Kernel 2.6.17
    cpe:2.3:o:linux:linux_kernel:2.6.17
  • Linux Kernel 2.6.17.1
    cpe:2.3:o:linux:linux_kernel:2.6.17.1
  • Linux Kernel 2.6.17.2
    cpe:2.3:o:linux:linux_kernel:2.6.17.2
  • Linux Kernel 2.6.17.3
    cpe:2.3:o:linux:linux_kernel:2.6.17.3
  • Linux Kernel 2.6.17.4
    cpe:2.3:o:linux:linux_kernel:2.6.17.4
  • Linux Kernel 2.6.17.5
    cpe:2.3:o:linux:linux_kernel:2.6.17.5
  • Linux Kernel 2.6.17.6
    cpe:2.3:o:linux:linux_kernel:2.6.17.6
  • Linux Kernel 2.6.17.7
    cpe:2.3:o:linux:linux_kernel:2.6.17.7
  • Linux Kernel 2.6.17.8
    cpe:2.3:o:linux:linux_kernel:2.6.17.8
  • Linux Kernel 2.6.17.9
    cpe:2.3:o:linux:linux_kernel:2.6.17.9
  • Linux Kernel 2.6.17.10
    cpe:2.3:o:linux:linux_kernel:2.6.17.10
  • Linux Kernel 2.6.17.11
    cpe:2.3:o:linux:linux_kernel:2.6.17.11
  • Linux Kernel 2.6.17.12
    cpe:2.3:o:linux:linux_kernel:2.6.17.12
  • Linux Kernel 2.6.17.13
    cpe:2.3:o:linux:linux_kernel:2.6.17.13
  • Linux Kernel 2.6.17.14
    cpe:2.3:o:linux:linux_kernel:2.6.17.14
  • Linux Kernel 2.6.18
    cpe:2.3:o:linux:linux_kernel:2.6.18
  • Linux Kernel 2.6.18.1
    cpe:2.3:o:linux:linux_kernel:2.6.18.1
  • Linux Kernel 2.6.18.3
    cpe:2.3:o:linux:linux_kernel:2.6.18.3
  • Linux Kernel 2.6.18.5
    cpe:2.3:o:linux:linux_kernel:2.6.18.5
  • Linux Kernel 2.6.18.6
    cpe:2.3:o:linux:linux_kernel:2.6.18.6
  • Linux Kernel 2.6.18.8
    cpe:2.3:o:linux:linux_kernel:2.6.18.8
  • Linux Kernel 2.6.19
    cpe:2.3:o:linux:linux_kernel:2.6.19
  • Linux Kernel 2.6.19.2
    cpe:2.3:o:linux:linux_kernel:2.6.19.2
  • Linux Kernel 2.6.19.3
    cpe:2.3:o:linux:linux_kernel:2.6.19.3
  • Linux Kernel 2.6.19.4
    cpe:2.3:o:linux:linux_kernel:2.6.19.4
  • Linux Kernel 2.6.19.5
    cpe:2.3:o:linux:linux_kernel:2.6.19.5
  • Linux Kernel 2.6.19.6
    cpe:2.3:o:linux:linux_kernel:2.6.19.6
  • Linux Kernel 2.6.19.7
    cpe:2.3:o:linux:linux_kernel:2.6.19.7
  • Linux Kernel 2.6.20
    cpe:2.3:o:linux:linux_kernel:2.6.20
  • Linux Kernel 2.6.20.1
    cpe:2.3:o:linux:linux_kernel:2.6.20.1
  • Linux Kernel 2.6.20.2
    cpe:2.3:o:linux:linux_kernel:2.6.20.2
  • Linux Kernel 2.6.20.3
    cpe:2.3:o:linux:linux_kernel:2.6.20.3
  • Linux Kernel 2.6.20.4
    cpe:2.3:o:linux:linux_kernel:2.6.20.4
  • Linux Kernel 2.6.20.5
    cpe:2.3:o:linux:linux_kernel:2.6.20.5
  • Linux Kernel 2.6.20.6
    cpe:2.3:o:linux:linux_kernel:2.6.20.6
  • Linux Kernel 2.6.20.7
    cpe:2.3:o:linux:linux_kernel:2.6.20.7
  • Linux Kernel 2.6.20.8
    cpe:2.3:o:linux:linux_kernel:2.6.20.8
CVSS
Base: 4.9 (as of 08-05-2007 - 14:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
exploit-db via4
description Linux Kernel 2.6.x NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability. CVE-2007-1861. Dos exploit for linux platform
id EDB-ID:29916
last seen 2016-02-03
modified 2007-04-26
published 2007-04-26
reporter Alexey Kuznetsov
source https://www.exploit-db.com/download/29916/
title Linux Kernel 2.6.x - NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1289.NASL
    description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1496 Michal Miroslaw reported a DoS vulnerability (crash) in netfilter. A remote attacker can cause a NULL pointer dereference in the nfnetlink_log function. - CVE-2007-1497 Patrick McHardy reported an vulnerability in netfilter that may allow attackers to bypass certain firewall rules. The nfctinfo value of reassembled IPv6 packet fragments were incorrectly initialized to 0 which allowed these packets to become tracked as ESTABLISHED. - CVE-2007-1861 Jaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packages were incorrectly routed back to the kernel resulting in an infinite recursion condition. Local users can exploit this behavior to cause a DoS (crash).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25226
    published 2007-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25226
    title Debian DSA-1289-1 : linux-2.6 - several vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070516_KERNEL_ON_SL5_X.NASL
    description These new kernel packages contain fixes for the following security issues : - a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). - a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). - a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). - a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). - a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). - a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included : - a regression in ipv6 routing. - an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. - the nmi watchdog timeout was updated from 5 to 30 seconds. - a flaw in distributed lock management that could result in errors during virtual machine migration. - an omitted include in kernel-headers that led to compile failures for some packages.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60181
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60181
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0347.NASL
    description From Red Hat Security Advisory 2007:0347 : Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). * a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). * a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). * a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). * a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included : * a regression in ipv6 routing. * an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. * the nmi watchdog timeout was updated from 5 to 30 seconds. * a flaw in distributed lock management that could result in errors during virtual machine migration. * an omitted include in kernel-headers that led to compile failures for some packages. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67495
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67495
    title Oracle Linux 5 : kernel (ELSA-2007-0347)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-486-1.NASL
    description The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203) The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005) Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000) Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861) A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. (CVE-2007-2242) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453) A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525) An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. (CVE-2007-2875) Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. (CVE-2007-2876) Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28087
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28087
    title Ubuntu 6.10 : linux-source-2.6.17 vulnerabilities (USN-486-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0347.NASL
    description Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). * a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). * a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). * a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). * a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included : * a regression in ipv6 routing. * an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. * the nmi watchdog timeout was updated from 5 to 30 seconds. * a flaw in distributed lock management that could result in errors during virtual machine migration. * an omitted include in kernel-headers that led to compile failures for some packages. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43641
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43641
    title CentOS 5 : kernel (CESA-2007:0347)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0347.NASL
    description Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). * a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). * a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). * a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). * a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included : * a regression in ipv6 routing. * an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. * the nmi watchdog timeout was updated from 5 to 30 seconds. * a flaw in distributed lock management that could result in errors during virtual machine migration. * an omitted include in kernel-headers that led to compile failures for some packages. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25333
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25333
    title RHEL 5 : kernel (RHSA-2007:0347)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-171.NASL
    description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The Linux kernel did not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allowed local users to cause a denial of service (process crash) (CVE-2006-5755). The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode (CVE-2006-7203). The nfnetlink_log function in netfilter allowed an attacker to cause a denial of service (crash) via unspecified vectors which would trigger a NULL pointer dereference (CVE-2007-1496). The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments (CVE-2007-1497). The netlink functionality did not properly handle NETLINK_FIB_LOOKUP replies, which allowed a remote attacker to cause a denial of service (resource consumption) via unspecified vectors, probably related to infinite recursion (CVE-2007-1861). A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which lead to an out of bounds access by certain functions (CVE-2007-2172). The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers (CVE-2007-2242). The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source (CVE-2007-2453). A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized (CVE-2007-2525). An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file (CVE-2007-2875). The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference (CVE-2007-2876). In addition to these security fixes, other fixes have been included such as : - Fix crash on netfilter when nfnetlink_log is used on certain hooks on packets forwarded to or from a bridge - Fixed busy sleep on IPVS which caused high load averages - Fixed possible race condition on ext[34]_link - Fixed missing braces in condition block that led to wrong behaviour in NFS - Fixed XFS lock deallocation that resulted in oops when unmounting To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25968
    published 2007-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25968
    title Mandrake Linux Security Advisory : kernel (MDKSA-2007:171)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-489-1.NASL
    description A flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service. (CVE-2006-4623) The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203) The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005) Due to an variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000) Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453) A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525) An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. (CVE-2007-2875) Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. (CVE-2007-2876) Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878) A flaw was discovered in the cluster manager. A remote attacker could connect to the DLM port and block further DLM operations. (CVE-2007-3380) A flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. (CVE-2007-3513). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28090
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28090
    title Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerability (USN-489-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-3760.NASL
    description This kernel update fixes the following security problems : - CVE-2007-1861: The nl_fib_lookup function in net/ipv4/fib_frontend.c allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. - CVE-2007-1496: nfnetlink_log in netfilter allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using 'multiple packets per netlink message', and (3) bridged packets, which trigger a NULL pointer dereference. - CVE-2007-1497: nf_conntrack in netfilter does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. Please note that the connection tracking option for IPv6 is not enabled in any currently shipping SUSE Linux kernel, so it does not affect SUSE Linux default kernels. - CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. The behaviour has been disabled by default, and the patch introduces a new sysctl with which the administrator can reenable it again. - CVE-2006-7203: The compat_sys_mount function in fs/compat.c allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ('mount -t smbfs'). - CVE-2007-2453: Seeding of the kernel random generator on boot did not work correctly due to a programming mistake and so the kernel might have more predictable random numbers than assured. - CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable. and the following non security bugs : - patches.fixes/cpufreq_fix_limited_on_battery.patch: Fix limited freq when booted on battery. [#231107] - patches.fixes/usb-keyspan-regression-fix.patch: USB: keyspan regression fix [#240919] - - patches.fixes/hpt366-dont-check-enablebits-for-hpt36x.pa tch: hpt366: don't check enablebits for HPT36x [#278696]
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27295
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27295
    title openSUSE 10 Security Update : kernel (kernel-3760)
oval via4
accepted 2013-04-29T04:15:00.415-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.
family unix
id oval:org.mitre.oval:def:11616
status accepted
submitted 2010-07-09T03:56:16-04:00
title The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.
version 18
redhat via4
advisories
rhsa
id RHSA-2007:0347
rpms
  • kernel-0:2.6.18-8.1.4.el5
  • kernel-PAE-0:2.6.18-8.1.4.el5
  • kernel-PAE-devel-0:2.6.18-8.1.4.el5
  • kernel-devel-0:2.6.18-8.1.4.el5
  • kernel-doc-0:2.6.18-8.1.4.el5
  • kernel-headers-0:2.6.18-8.1.4.el5
  • kernel-kdump-0:2.6.18-8.1.4.el5
  • kernel-kdump-devel-0:2.6.18-8.1.4.el5
  • kernel-xen-0:2.6.18-8.1.4.el5
  • kernel-xen-devel-0:2.6.18-8.1.4.el5
refmap via4
bid 23677
bugtraq
  • 20070508 FLEA-2007-0016-1: kernel
  • 20070615 rPSA-2007-0124-1 kernel xen
confirm
debian DSA-1289
mandriva MDKSA-2007:171
secunia
  • 25030
  • 25083
  • 25228
  • 25288
  • 25691
  • 25961
  • 26133
  • 26139
  • 26620
suse SUSE-SA:2007:043
ubuntu
  • USN-486-1
  • USN-489-1
vupen ADV-2007-1595
xf kernel-netlinkfiblookup-dos(34014)
Last major update 19-03-2012 - 00:00
Published 07-05-2007 - 15:19
Last modified 16-10-2018 - 12:40
Back to Top