ID CVE-2007-5966
Summary Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 15-10-2018 - 21:48)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-04-29T04:08:36.929-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
    family unix
    id oval:org.mitre.oval:def:10774
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
    version 18
  • accepted 2014-01-20T04:01:37.757-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
    family unix
    id oval:org.mitre.oval:def:8125
    status accepted
    submitted 2010-03-19T16:57:59.000-04:00
    title VMware kernel integer overflow vulnerability in hrtimer_start function
    version 7
redhat via4
advisories
  • rhsa
    id RHSA-2008:0585
  • rhsa
    id RHSA-2009:1193
rpms
  • kernel-0:2.6.18-128.4.1.el5
  • kernel-PAE-0:2.6.18-128.4.1.el5
  • kernel-PAE-devel-0:2.6.18-128.4.1.el5
  • kernel-debug-0:2.6.18-128.4.1.el5
  • kernel-debug-devel-0:2.6.18-128.4.1.el5
  • kernel-devel-0:2.6.18-128.4.1.el5
  • kernel-doc-0:2.6.18-128.4.1.el5
  • kernel-headers-0:2.6.18-128.4.1.el5
  • kernel-kdump-0:2.6.18-128.4.1.el5
  • kernel-kdump-devel-0:2.6.18-128.4.1.el5
  • kernel-xen-0:2.6.18-128.4.1.el5
  • kernel-xen-devel-0:2.6.18-128.4.1.el5
refmap via4
bid 26880
bugtraq
  • 20071218 rPSA-2007-0269-1 kernel
  • 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
confirm
debian DSA-1436
mandriva MDVSA-2008:112
secunia
  • 28088
  • 28105
  • 28141
  • 28706
  • 28806
  • 31628
  • 36131
  • 37471
suse SUSE-SA:2008:006
ubuntu USN-574-1
vupen
  • ADV-2007-4225
  • ADV-2009-3316
statements via4
contributor Mark J Cox
lastmodified 2009-08-05
organization Red Hat
statement This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. It was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1193.html, and https://rhn.redhat.com/errata/RHSA-2008-0585.html respectively.
Last major update 15-10-2018 - 21:48
Published 20-12-2007 - 00:46
Back to Top