CVE-2007-2525 - Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21

CVE-2007-2525

Summary

Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.21:git7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:git7:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

oval via4

accepted

2013-04-29T04:06:56.702-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10594

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

bugzilla

id	243262
title	CVE-2007-2525 PPPoE socket PPPIOCGCHAN denial of service

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

comment kernel earlier than 0:2.6.18-8.1.6.el5 is currently running
oval oval:com.redhat.rhsa:tst:20070376021
comment kernel earlier than 0:2.6.18-8.1.6.el5 is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20070376022

AND
comment kernel is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376001
comment kernel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314002
AND
comment kernel-PAE is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376003
comment kernel-PAE is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314004

AND

comment kernel-PAE-devel is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376005
comment kernel-PAE-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314006

AND

comment kernel-devel is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376007
comment kernel-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314012

AND
comment kernel-doc is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376009
comment kernel-doc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314014

AND

comment kernel-headers is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376011
comment kernel-headers is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314016

AND

comment kernel-kdump is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376013
comment kernel-kdump is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314018

AND

comment kernel-kdump-devel is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376015
comment kernel-kdump-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314020

AND
comment kernel-xen is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376017
comment kernel-xen is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314022

AND

comment kernel-xen-devel is earlier than 0:2.6.18-8.1.6.el5
oval oval:com.redhat.rhsa:tst:20070376019
comment kernel-xen-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314024

rhsa

id	RHSA-2007:0376
released	2007-06-14
severity	Important
title	RHSA-2007:0376: kernel security and bug fix update (Important)

rhsa
id RHSA-2007:0488

rpms

kernel-0:2.6.18-8.1.6.el5
kernel-PAE-0:2.6.18-8.1.6.el5
kernel-PAE-debuginfo-0:2.6.18-8.1.6.el5
kernel-PAE-devel-0:2.6.18-8.1.6.el5
kernel-debuginfo-0:2.6.18-8.1.6.el5
kernel-debuginfo-common-0:2.6.18-8.1.6.el5
kernel-devel-0:2.6.18-8.1.6.el5
kernel-doc-0:2.6.18-8.1.6.el5
kernel-headers-0:2.6.18-8.1.6.el5
kernel-kdump-0:2.6.18-8.1.6.el5
kernel-kdump-debuginfo-0:2.6.18-8.1.6.el5
kernel-kdump-devel-0:2.6.18-8.1.6.el5
kernel-xen-0:2.6.18-8.1.6.el5
kernel-xen-debuginfo-0:2.6.18-8.1.6.el5
kernel-xen-devel-0:2.6.18-8.1.6.el5
kernel-0:2.6.9-55.0.2.EL
kernel-debuginfo-0:2.6.9-55.0.2.EL
kernel-devel-0:2.6.9-55.0.2.EL
kernel-doc-0:2.6.9-55.0.2.EL
kernel-hugemem-0:2.6.9-55.0.2.EL
kernel-hugemem-devel-0:2.6.9-55.0.2.EL
kernel-largesmp-0:2.6.9-55.0.2.EL
kernel-largesmp-devel-0:2.6.9-55.0.2.EL
kernel-smp-0:2.6.9-55.0.2.EL
kernel-smp-devel-0:2.6.9-55.0.2.EL
kernel-xenU-0:2.6.9-55.0.2.EL
kernel-xenU-devel-0:2.6.9-55.0.2.EL

refmap via4

bid	23870
confirm	http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm
debian	DSA-1356 DSA-1503 DSA-1504
mandriva	MDKSA-2007:171 MDKSA-2007:196 MDKSA-2007:216
secunia	25163 25700 25838 26133 26139 26289 26450 26620 26664 27227 29058
suse	SUSE-SA:2007:051 SUSE-SA:2007:053
ubuntu	USN-486-1 USN-489-1 USN-510-1
vupen	ADV-2007-1703
xf	kernel-pppoe-dos(34150)

Last major update

11-10-2017 - 01:32

Published

08-05-2007 - 23:19

Last modified

11-10-2017 - 01:32