Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2007-AVI-256
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans la branche 2.6 du noyau Linux permettent à un utilisateur malintentionné de provoquer un déni de service à distance ou de porter atteinte à la confidentialité des données.
Description
- Une vulnérabilité dans NETFILTER permet à une personne malveillante de provoquer un déni de service du système au moyen d'un paquet SCTP (Stream Control Transmission Protocol spécialement contruit (CVE-2007-2876) ;
- la seconde vulnérabilité dans la fonction cpuset_tasks_read permet à un individu malintentionné d'avoir accès en lecture à la certaine zone mémoire du noyau Linux (CVE-2007-2875) ;
- une faiblesse dans le noyau Linux lors du traitement des graines utilisées pour la création de nombres aléatoires. Cela peut fragiliser toute application s'appuyant sur ce générateur de nombre aléatoire (CVE-2007-2453).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Noyau Linux 2.6.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eNoyau Linux 2.6.\u003c/P\u003e",
"content": "## Description\n\n- Une vuln\u00e9rabilit\u00e9 dans NETFILTER permet \u00e0 une personne malveillante\n de provoquer un d\u00e9ni de service du syst\u00e8me au moyen d\u0027un paquet SCTP\n (Stream Control Transmission Protocol sp\u00e9cialement contruit\n (CVE-2007-2876) ;\n- la seconde vuln\u00e9rabilit\u00e9 dans la fonction cpuset_tasks_read permet \u00e0\n un individu malintentionn\u00e9 d\u0027avoir acc\u00e8s en lecture \u00e0 la certaine\n zone m\u00e9moire du noyau Linux (CVE-2007-2875) ;\n- une faiblesse dans le noyau Linux lors du traitement des graines\n utilis\u00e9es pour la cr\u00e9ation de nombres al\u00e9atoires. Cela peut\n fragiliser toute application s\u0027appuyant sur ce g\u00e9n\u00e9rateur de nombre\n al\u00e9atoire (CVE-2007-2453).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-2876",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2876"
},
{
"name": "CVE-2007-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2875"
},
{
"name": "CVE-2007-2453",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2453"
}
],
"initial_release_date": "2007-06-08T00:00:00",
"last_revision_date": "2007-06-08T00:00:00",
"links": [
{
"title": "Liste des changements apport\u00e9s \u00e0 la version 2.6.21.4 du noyau Linux :",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
}
],
"reference": "CERTA-2007-AVI-256",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-06-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans la branche 2.6 du noyau Linux permettent \u00e0\nun utilisateur malintentionn\u00e9 de provoquer un d\u00e9ni de service \u00e0 distance\nou de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux",
"vendor_advisories": [
{
"published_at": null,
"title": "Liste des changements apport\u00e9s \u00e0 la version 2.6.21.4 du noyau Linux",
"url": null
}
]
}
CVE-2007-2875 (GCVE-0-2007-2875)
Vulnerability from cvelistv5
Published
2007-06-11 22:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070607 Linux Kernel cpuset tasks Information Disclosure Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "27227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27227"
},
{
"name": "ADV-2007-2105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
},
{
"name": "24389",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24389"
},
{
"name": "DSA-1363",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13"
},
{
"name": "37113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37113"
},
{
"name": "MDKSA-2007:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "USN-510-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-510-1"
},
{
"name": "26647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26647"
},
{
"name": "26760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26760"
},
{
"name": "RHSA-2007:0705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
},
{
"name": "26620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "oval:org.mitre.oval:def:9251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9251"
},
{
"name": "kernel-cpusettasksread-info-disclosure(34779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34779"
},
{
"name": "1018211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018211"
},
{
"name": "USN-486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26139"
},
{
"name": "26133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20070607 Linux Kernel cpuset tasks Information Disclosure Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "27227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27227"
},
{
"name": "ADV-2007-2105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
},
{
"name": "24389",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24389"
},
{
"name": "DSA-1363",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13"
},
{
"name": "37113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37113"
},
{
"name": "MDKSA-2007:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "USN-510-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-510-1"
},
{
"name": "26647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26647"
},
{
"name": "26760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26760"
},
{
"name": "RHSA-2007:0705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
},
{
"name": "26620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "oval:org.mitre.oval:def:9251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9251"
},
{
"name": "kernel-cpusettasksread-info-disclosure(34779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34779"
},
{
"name": "1018211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018211"
},
{
"name": "USN-486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26139"
},
{
"name": "26133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070607 Linux Kernel cpuset tasks Information Disclosure Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "27227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27227"
},
{
"name": "ADV-2007-2105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:053",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
},
{
"name": "24389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24389"
},
{
"name": "DSA-1363",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1363"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13"
},
{
"name": "37113",
"refsource": "OSVDB",
"url": "http://osvdb.org/37113"
},
{
"name": "MDKSA-2007:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "USN-510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-510-1"
},
{
"name": "26647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26647"
},
{
"name": "26760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26760"
},
{
"name": "RHSA-2007:0705",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
},
{
"name": "26620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "oval:org.mitre.oval:def:9251",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9251"
},
{
"name": "kernel-cpusettasksread-info-disclosure(34779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34779"
},
{
"name": "1018211",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018211"
},
{
"name": "USN-486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26139"
},
{
"name": "26133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-2875",
"datePublished": "2007-06-11T22:00:00",
"dateReserved": "2007-05-29T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2876 (GCVE-0-2007-2876)
Vulnerability from cvelistv5
Published
2007-06-11 23:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24376"
},
{
"name": "27227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27227"
},
{
"name": "26664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "ADV-2007-2105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
},
{
"name": "SUSE-SA:2007:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_43_kernel.html"
},
{
"name": "26289",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26289"
},
{
"name": "25838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25838"
},
{
"name": "MDKSA-2007:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "USN-510-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-510-1"
},
{
"name": "DSA-1356",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1356"
},
{
"name": "26760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26760"
},
{
"name": "RHSA-2007:0705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
},
{
"name": "26620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "kernel-sctpnew-dos(34777)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34777"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.21.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=118128622431272\u0026w=2"
},
{
"name": "25961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25961"
},
{
"name": "oval:org.mitre.oval:def:10116",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm"
},
{
"name": "USN-486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "37112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37112"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.20.13",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=118128610219959\u0026w=2"
},
{
"name": "26139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26139"
},
{
"name": "RHSA-2007:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0488.html"
},
{
"name": "26133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "24376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24376"
},
{
"name": "27227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27227"
},
{
"name": "26664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "ADV-2007-2105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
},
{
"name": "SUSE-SA:2007:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_43_kernel.html"
},
{
"name": "26289",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26289"
},
{
"name": "25838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25838"
},
{
"name": "MDKSA-2007:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "USN-510-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-510-1"
},
{
"name": "DSA-1356",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1356"
},
{
"name": "26760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26760"
},
{
"name": "RHSA-2007:0705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
},
{
"name": "26620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "kernel-sctpnew-dos(34777)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34777"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.21.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=118128622431272\u0026w=2"
},
{
"name": "25961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25961"
},
{
"name": "oval:org.mitre.oval:def:10116",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm"
},
{
"name": "USN-486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "37112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37112"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.20.13",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=118128610219959\u0026w=2"
},
{
"name": "26139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26139"
},
{
"name": "RHSA-2007:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0488.html"
},
{
"name": "26133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-2876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24376"
},
{
"name": "27227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27227"
},
{
"name": "26664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "ADV-2007-2105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:053",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
},
{
"name": "SUSE-SA:2007:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_43_kernel.html"
},
{
"name": "26289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26289"
},
{
"name": "25838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25838"
},
{
"name": "MDKSA-2007:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "USN-510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-510-1"
},
{
"name": "DSA-1356",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1356"
},
{
"name": "26760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26760"
},
{
"name": "RHSA-2007:0705",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
},
{
"name": "26620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "kernel-sctpnew-dos(34777)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34777"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.21.4",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel\u0026m=118128622431272\u0026w=2"
},
{
"name": "25961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25961"
},
{
"name": "oval:org.mitre.oval:def:10116",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm"
},
{
"name": "USN-486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26450"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "37112",
"refsource": "OSVDB",
"url": "http://osvdb.org/37112"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.20.13",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel\u0026m=118128610219959\u0026w=2"
},
{
"name": "26139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26139"
},
{
"name": "RHSA-2007:0488",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0488.html"
},
{
"name": "26133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-2876",
"datePublished": "2007-06-11T23:00:00",
"dateReserved": "2007-05-29T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2453 (GCVE-0-2007-2453)
Vulnerability from cvelistv5
Published
2007-06-11 23:00
Modified
2024-08-07 13:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:32.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-470-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-470-1"
},
{
"name": "1018248",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018248"
},
{
"name": "26664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "ADV-2007-2105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_43_kernel.html"
},
{
"name": "24390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24390"
},
{
"name": "MDKSA-2007:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "kernel-randomnumber-weak-security(34781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34781"
},
{
"name": "DSA-1356",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1356"
},
{
"name": "MDKSA-2007:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"name": "26620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.21.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=118128622431272\u0026w=2"
},
{
"name": "25961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25961"
},
{
"name": "37114",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37114"
},
{
"name": "25596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25596"
},
{
"name": "RHSA-2007:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2007-0376.html"
},
{
"name": "USN-486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "25700",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25700"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.20.13",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=118128610219959\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:9960",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960"
},
{
"name": "26139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26139"
},
{
"name": "26133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-470-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-470-1"
},
{
"name": "1018248",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018248"
},
{
"name": "26664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "ADV-2007-2105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_43_kernel.html"
},
{
"name": "24390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24390"
},
{
"name": "MDKSA-2007:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "kernel-randomnumber-weak-security(34781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34781"
},
{
"name": "DSA-1356",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1356"
},
{
"name": "MDKSA-2007:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"name": "26620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.21.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=118128622431272\u0026w=2"
},
{
"name": "25961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25961"
},
{
"name": "37114",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37114"
},
{
"name": "25596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25596"
},
{
"name": "RHSA-2007:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2007-0376.html"
},
{
"name": "USN-486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "25700",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25700"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.20.13",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=118128610219959\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:9960",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960"
},
{
"name": "26139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26139"
},
{
"name": "26133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-2453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-470-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-470-1"
},
{
"name": "1018248",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018248"
},
{
"name": "26664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "ADV-2007-2105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2105"
},
{
"name": "SUSE-SA:2007:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_43_kernel.html"
},
{
"name": "24390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24390"
},
{
"name": "MDKSA-2007:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "kernel-randomnumber-weak-security(34781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34781"
},
{
"name": "DSA-1356",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1356"
},
{
"name": "MDKSA-2007:216",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"name": "26620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "MDKSA-2007:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.21.4",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel\u0026m=118128622431272\u0026w=2"
},
{
"name": "25961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25961"
},
{
"name": "37114",
"refsource": "OSVDB",
"url": "http://osvdb.org/37114"
},
{
"name": "25596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25596"
},
{
"name": "RHSA-2007:0376",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2007-0376.html"
},
{
"name": "USN-486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26450"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4"
},
{
"name": "25700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25700"
},
{
"name": "[linux-kernel] 20070608 Linux 2.6.20.13",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel\u0026m=118128610219959\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:9960",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960"
},
{
"name": "26139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26139"
},
{
"name": "26133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-2453",
"datePublished": "2007-06-11T23:00:00",
"dateReserved": "2007-05-02T00:00:00",
"dateUpdated": "2024-08-07T13:42:32.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…