ID CVE-2007-5494
Summary Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux 4.0
    cpe:2.3:o:redhat:enterprise_linux:4.0
  • Red Hat Enterprise Linux 5.0
    cpe:2.3:o:redhat:enterprise_linux:5.0
CVSS
Base: 4.9 (as of 30-11-2007 - 19:42)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector Complexity Authentication
LOCAL LOW NONE
Impact
Confidentiality Integrity Availability
NONE NONE COMPLETE
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071219_KERNEL_ON_SL4_X.NASL
    description A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : - when running the 'ls -la' command on an NFSv4 mount point, incorrect file attributes, and outdated file size and timestamp information were returned. As well, symbolic links may have been displayed as actual files. - a bug which caused the cmirror write path to appear deadlocked after a successful recovery, which may have caused syncing to hang, has been resolved. - a kernel panic which occurred when manually configuring LCS interfaces on the IBM S/390 has been resolved. - when running a 32-bit binary on a 64-bit system, it was possible to mmap page at address 0 without flag MAP_FIXED set. This has been resolved in these updated packages. - the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI interrupt counter in '/proc/interrupts' on systems running an AMD Opteron CPU. This caused systems running NMI Watchdog to restart at regular intervals. - a bug which caused the diskdump utility to run very slowly on devices using Fusion MPT has been resolved.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60335
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60335
    title Scientific Linux Security Update : kernel on SL4.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071129_KERNEL_ON_SL5_X.NASL
    description These new kernel packages contain fixes for the following security issues : A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) A flaw was found in the handling of IEEE 802.11 frames affecting several wireless LAN modules. In certain circumstances, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network and cause a denial of service (kernel crash). (CVE-2007-4997, Important). A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate). In addition to the security issues described above, several bug fixes preventing possible memory corruption, system crashes, SCSI I/O fails, networking drivers performance regression and journaling block device layer issue were also included.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60318
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60318
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0993.NASL
    description Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) A flaw was found in the handling of IEEE 802.11 frames affecting several wireless LAN modules. In certain circumstances, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network and cause a denial of service (kernel crash). (CVE-2007-4997, Important). A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate). In addition to the security issues described above, several bug fixes preventing possible memory corruption, system crashes, SCSI I/O fails, networking drivers performance regression and journaling block device layer issue were also included. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to resolve these issues. Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle for reporting the security issues corrected by this update.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 28363
    published 2007-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28363
    title RHEL 5 : kernel (RHSA-2007:0993)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1104.NASL
    description Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : * when running the 'ls -la' command on an NFSv4 mount point, incorrect file attributes, and outdated file size and timestamp information were returned. As well, symbolic links may have been displayed as actual files. * a bug which caused the cmirror write path to appear deadlocked after a successful recovery, which may have caused syncing to hang, has been resolved. * a kernel panic which occurred when manually configuring LCS interfaces on the IBM S/390 has been resolved. * when running a 32-bit binary on a 64-bit system, it was possible to mmap page at address 0 without flag MAP_FIXED set. This has been resolved in these updated packages. * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI interrupt counter in '/proc/interrupts' on systems running an AMD Opteron CPU. This caused systems running NMI Watchdog to restart at regular intervals. * a bug which caused the diskdump utility to run very slowly on devices using Fusion MPT has been resolved. All users are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 29774
    published 2007-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29774
    title RHEL 4 : kernel (RHSA-2007:1104)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1104.NASL
    description Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : * when running the 'ls -la' command on an NFSv4 mount point, incorrect file attributes, and outdated file size and timestamp information were returned. As well, symbolic links may have been displayed as actual files. * a bug which caused the cmirror write path to appear deadlocked after a successful recovery, which may have caused syncing to hang, has been resolved. * a kernel panic which occurred when manually configuring LCS interfaces on the IBM S/390 has been resolved. * when running a 32-bit binary on a 64-bit system, it was possible to mmap page at address 0 without flag MAP_FIXED set. This has been resolved in these updated packages. * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI interrupt counter in '/proc/interrupts' on systems running an AMD Opteron CPU. This caused systems running NMI Watchdog to restart at regular intervals. * a bug which caused the diskdump utility to run very slowly on devices using Fusion MPT has been resolved. All users are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29751
    published 2007-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29751
    title CentOS 4 : kernel (CESA-2007:1104)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0993.NASL
    description From Red Hat Security Advisory 2007:0993 : Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) A flaw was found in the handling of IEEE 802.11 frames affecting several wireless LAN modules. In certain circumstances, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network and cause a denial of service (kernel crash). (CVE-2007-4997, Important). A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate). In addition to the security issues described above, several bug fixes preventing possible memory corruption, system crashes, SCSI I/O fails, networking drivers performance regression and journaling block device layer issue were also included. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to resolve these issues. Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle for reporting the security issues corrected by this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67595
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67595
    title Oracle Linux 5 : kernel (ELSA-2007-0993)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1104.NASL
    description From Red Hat Security Advisory 2007:1104 : Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : * when running the 'ls -la' command on an NFSv4 mount point, incorrect file attributes, and outdated file size and timestamp information were returned. As well, symbolic links may have been displayed as actual files. * a bug which caused the cmirror write path to appear deadlocked after a successful recovery, which may have caused syncing to hang, has been resolved. * a kernel panic which occurred when manually configuring LCS interfaces on the IBM S/390 has been resolved. * when running a 32-bit binary on a 64-bit system, it was possible to mmap page at address 0 without flag MAP_FIXED set. This has been resolved in these updated packages. * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI interrupt counter in '/proc/interrupts' on systems running an AMD Opteron CPU. This caused systems running NMI Watchdog to restart at regular intervals. * a bug which caused the diskdump utility to run very slowly on devices using Fusion MPT has been resolved. All users are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67619
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67619
    title Oracle Linux 4 : kernel (ELSA-2007-1104)
oval via4
accepted 2013-04-29T04:09:40.886-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
family unix
id oval:org.mitre.oval:def:10884
status accepted
submitted 2010-07-09T03:56:16-04:00
title Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
version 24
redhat via4
advisories
  • bugzilla
    id 381131
    title forcedeth driver mishandles MSI interrupts under high load
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993002
        • comment kernel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099003
      • AND
        • comment kernel-PAE is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993022
        • comment kernel-PAE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099019
      • AND
        • comment kernel-PAE-devel is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993020
        • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099017
      • AND
        • comment kernel-debug is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993006
        • comment kernel-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070993007
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993012
        • comment kernel-debug-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070993013
      • AND
        • comment kernel-devel is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993008
        • comment kernel-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099011
      • AND
        • comment kernel-doc is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993024
        • comment kernel-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099021
      • AND
        • comment kernel-headers is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993004
        • comment kernel-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099005
      • AND
        • comment kernel-kdump is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993016
        • comment kernel-kdump is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099015
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993018
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099013
      • AND
        • comment kernel-xen is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993014
        • comment kernel-xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099007
      • AND
        • comment kernel-xen-devel is earlier than 0:2.6.18-53.1.4.el5
          oval oval:com.redhat.rhsa:tst:20070993010
        • comment kernel-xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099009
    rhsa
    id RHSA-2007:0993
    released 2007-11-29
    severity Important
    title RHSA-2007:0993: kernel security update (Important)
  • bugzilla
    id 404781
    title RHEL4.6 [REGRESSION] diskdump works with mpt fusion too slow.
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104002
        • comment kernel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689003
      • AND
        • comment kernel-devel is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104004
        • comment kernel-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689005
      • AND
        • comment kernel-doc is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104022
        • comment kernel-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689019
      • AND
        • comment kernel-hugemem is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104020
        • comment kernel-hugemem is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689017
      • AND
        • comment kernel-hugemem-devel is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104018
        • comment kernel-hugemem-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689015
      • AND
        • comment kernel-largesmp is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104014
        • comment kernel-largesmp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689013
      • AND
        • comment kernel-largesmp-devel is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104008
        • comment kernel-largesmp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689009
      • AND
        • comment kernel-smp is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104012
        • comment kernel-smp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689011
      • AND
        • comment kernel-smp-devel is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104016
        • comment kernel-smp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689007
      • AND
        • comment kernel-xenU is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104006
        • comment kernel-xenU is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070488009
      • AND
        • comment kernel-xenU-devel is earlier than 0:2.6.9-67.0.1.EL
          oval oval:com.redhat.rhsa:tst:20071104010
        • comment kernel-xenU-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070488011
    rhsa
    id RHSA-2007:1104
    released 2007-12-19
    severity Important
    title RHSA-2007:1104: kernel security and bug fix update (Important)
rpms
  • kernel-0:2.6.18-53.1.4.el5
  • kernel-PAE-0:2.6.18-53.1.4.el5
  • kernel-PAE-devel-0:2.6.18-53.1.4.el5
  • kernel-debug-0:2.6.18-53.1.4.el5
  • kernel-debug-devel-0:2.6.18-53.1.4.el5
  • kernel-devel-0:2.6.18-53.1.4.el5
  • kernel-doc-0:2.6.18-53.1.4.el5
  • kernel-headers-0:2.6.18-53.1.4.el5
  • kernel-kdump-0:2.6.18-53.1.4.el5
  • kernel-kdump-devel-0:2.6.18-53.1.4.el5
  • kernel-xen-0:2.6.18-53.1.4.el5
  • kernel-xen-devel-0:2.6.18-53.1.4.el5
  • kernel-0:2.6.9-67.0.1.EL
  • kernel-devel-0:2.6.9-67.0.1.EL
  • kernel-doc-0:2.6.9-67.0.1.EL
  • kernel-hugemem-0:2.6.9-67.0.1.EL
  • kernel-hugemem-devel-0:2.6.9-67.0.1.EL
  • kernel-largesmp-0:2.6.9-67.0.1.EL
  • kernel-largesmp-devel-0:2.6.9-67.0.1.EL
  • kernel-smp-0:2.6.9-67.0.1.EL
  • kernel-smp-devel-0:2.6.9-67.0.1.EL
  • kernel-xenU-0:2.6.9-67.0.1.EL
  • kernel-xenU-devel-0:2.6.9-67.0.1.EL
refmap via4
bid 26657
confirm https://bugzilla.redhat.com/show_bug.cgi?id=315051
osvdb 44153
sectrack 1019017
secunia
  • 27824
  • 28162
xf rhel-content-accelerator-dos(38823)
Last major update 21-08-2010 - 00:00
Published 29-11-2007 - 21:46
Last modified 28-09-2017 - 21:29