CVE-2007-0771 - The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial

CVE-2007-0771

Summary

The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*

CVSS

Base:	4.9 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

oval via4

accepted

2013-04-29T04:19:28.152-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9447

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2007:0169

rpms

kernel-0:2.6.18-8.1.3.el5
kernel-PAE-0:2.6.18-8.1.3.el5
kernel-PAE-debuginfo-0:2.6.18-8.1.3.el5
kernel-PAE-devel-0:2.6.18-8.1.3.el5
kernel-debuginfo-0:2.6.18-8.1.3.el5
kernel-debuginfo-common-0:2.6.18-8.1.3.el5
kernel-devel-0:2.6.18-8.1.3.el5
kernel-doc-0:2.6.18-8.1.3.el5
kernel-headers-0:2.6.18-8.1.3.el5
kernel-kdump-0:2.6.18-8.1.3.el5
kernel-kdump-debuginfo-0:2.6.18-8.1.3.el5
kernel-kdump-devel-0:2.6.18-8.1.3.el5
kernel-xen-0:2.6.18-8.1.3.el5
kernel-xen-debuginfo-0:2.6.18-8.1.3.el5
kernel-xen-devel-0:2.6.18-8.1.3.el5

refmap via4

bid	23720
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=227952 https://bugzilla.redhat.com/show_bug.cgi?id=228816
osvdb	35927
sectrack	1017979
secunia	25080
xf	kernel-utracesupport-dos(34128)

Last major update

11-10-2017 - 01:31

Published

02-05-2007 - 22:19

Last modified

11-10-2017 - 01:31