rhsa-2007_0673
Vulnerability from csaf_redhat
Published: 2007-08-08 18:54
Modified: 2024-11-22 01:20
Summary: Red Hat Security Advisory: kernel security update

Notes

Topic
Updated kernel packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 (64-bit architectures). This security advisory has been rated as having important security impact by the Red Hat Security Response Team.
Details
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below:

* a flaw in IPV6 flow label handling that allowed a local user to cause a denial of service (crash). (CVE-2007-1592, Important)
* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential privilege escalation. (CVE-2007-1217, Moderate)
* a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low)
* a flaw in the supported filesystems that allowed a local privileged user to cause a denial of service. (CVE-2006-6054, Low)

Red Hat would like to thank Ilja van Sprundel for reporting an issue fixed in this erratum.

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to these updated packages, which contain backported fixes to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated kernel packages that fix a number of security issues are now\navailable for Red Hat Enterprise Linux 2.1 (64-bit architectures).\n\nThis security advisory has been rated as having important security impact by\nthe Red Hat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues described\nbelow:\n\n* a flaw in IPV6 flow label handling that allowed a local user to\ncause a denial of service (crash). (CVE-2007-1592, Important)\n\n* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a\ndenial of service or potential privilege escalation. (CVE-2007-1217, Moderate)\n\n* a flaw in the Bluetooth subsystem that allowed a local user to trigger an\ninformation leak. (CVE-2007-1353, Low)\n\n* a flaw in the supported filesystems that allowed a local privileged user\nto cause a denial of service. (CVE-2006-6054, Low)\n\nRed Hat would like to thank Ilja van Sprundel for reporting an issue fixed\nin this erratum.\n\nAll Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels\nto these updated packages, which contain backported fixes to correct these\nissues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0673",
        "url": "https://access.redhat.com/errata/RHSA-2007:0673"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "217024",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=217024"
      },
      {
        "category": "external",
        "summary": "231071",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=231071"
      },
      {
        "category": "external",
        "summary": "233484",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=233484"
      },
      {
        "category": "external",
        "summary": "234296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=234296"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0673.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel security update",
    "tracking": {
      "current_release_date": "2024-11-22T01:20:51+00:00",
      "generator": {
        "date": "2024-11-22T01:20:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2007:0673",
      "initial_release_date": "2007-08-08T18:54:00+00:00",
      "revision_history": [
        {
          "date": "2007-08-08T18:54:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-08-08T14:54:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T01:20:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "2.1AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "2.1AW",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-0:2.4.18-e.65.ia64",
                "product": {
                  "name": "kernel-0:2.4.18-e.65.ia64",
                  "product_id": "kernel-0:2.4.18-e.65.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel@2.4.18-e.65?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-doc-0:2.4.18-e.65.ia64",
                "product": {
                  "name": "kernel-doc-0:2.4.18-e.65.ia64",
                  "product_id": "kernel-doc-0:2.4.18-e.65.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-doc@2.4.18-e.65?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-0:2.4.18-e.65.ia64",
                "product": {
                  "name": "kernel-source-0:2.4.18-e.65.ia64",
                  "product_id": "kernel-source-0:2.4.18-e.65.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-source@2.4.18-e.65?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-smp-0:2.4.18-e.65.ia64",
                "product": {
                  "name": "kernel-smp-0:2.4.18-e.65.ia64",
                  "product_id": "kernel-smp-0:2.4.18-e.65.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-smp@2.4.18-e.65?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-0:2.4.18-e.65.src",
                "product": {
                  "name": "kernel-0:2.4.18-e.65.src",
                  "product_id": "kernel-0:2.4.18-e.65.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel@2.4.18-e.65?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.4.18-e.65.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:kernel-0:2.4.18-e.65.ia64"
        },
        "product_reference": "kernel-0:2.4.18-e.65.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.4.18-e.65.src as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:kernel-0:2.4.18-e.65.src"
        },
        "product_reference": "kernel-0:2.4.18-e.65.src",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-doc-0:2.4.18-e.65.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:kernel-doc-0:2.4.18-e.65.ia64"
        },
        "product_reference": "kernel-doc-0:2.4.18-e.65.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-smp-0:2.4.18-e.65.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:kernel-smp-0:2.4.18-e.65.ia64"
        },
        "product_reference": "kernel-smp-0:2.4.18-e.65.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-0:2.4.18-e.65.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:kernel-source-0:2.4.18-e.65.ia64"
        },
        "product_reference": "kernel-source-0:2.4.18-e.65.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.4.18-e.65.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:kernel-0:2.4.18-e.65.ia64"
        },
        "product_reference": "kernel-0:2.4.18-e.65.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.4.18-e.65.src as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:kernel-0:2.4.18-e.65.src"
        },
        "product_reference": "kernel-0:2.4.18-e.65.src",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-doc-0:2.4.18-e.65.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:kernel-doc-0:2.4.18-e.65.ia64"
        },
        "product_reference": "kernel-doc-0:2.4.18-e.65.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-smp-0:2.4.18-e.65.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:kernel-smp-0:2.4.18-e.65.ia64"
        },
        "product_reference": "kernel-smp-0:2.4.18-e.65.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-0:2.4.18-e.65.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
        },
        "product_reference": "kernel-source-0:2.4.18-e.65.ia64",
        "relates_to_product_reference": "2.1AW"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-6054",
      "discovery_date": "2006-11-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:kernel-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-0:2.4.18-e.65.src",
          "2.1AS:kernel-doc-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-smp-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-source-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-0:2.4.18-e.65.src",
          "2.1AW:kernel-doc-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-smp-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-6054"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-6054",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-6054"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-6054",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6054"
        }
      ],
      "release_date": "2006-11-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-08T18:54:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:kernel-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-0:2.4.18-e.65.src",
            "2.1AS:kernel-doc-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-smp-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-source-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-0:2.4.18-e.65.src",
            "2.1AW:kernel-doc-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-smp-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0673"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-1217",
      "discovery_date": "2007-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "402741"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Kernel: CAPI overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:kernel-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-0:2.4.18-e.65.src",
          "2.1AS:kernel-doc-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-smp-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-source-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-0:2.4.18-e.65.src",
          "2.1AW:kernel-doc-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-smp-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1217"
        },
        {
          "category": "external",
          "summary": "RHBZ#402741",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=402741"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1217"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1217",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1217"
        }
      ],
      "release_date": "2007-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-08T18:54:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:kernel-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-0:2.4.18-e.65.src",
            "2.1AS:kernel-doc-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-smp-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-source-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-0:2.4.18-e.65.src",
            "2.1AW:kernel-doc-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-smp-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0673"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Kernel: CAPI overflow"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ilja van Sprundel"
          ]
        }
      ],
      "cve": "CVE-2007-1353",
      "discovery_date": "2007-03-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "243259"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Bluetooth setsockopt() information leaks",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:kernel-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-0:2.4.18-e.65.src",
          "2.1AS:kernel-doc-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-smp-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-source-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-0:2.4.18-e.65.src",
          "2.1AW:kernel-doc-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-smp-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1353"
        },
        {
          "category": "external",
          "summary": "RHBZ#243259",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243259"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1353",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1353"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1353",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1353"
        }
      ],
      "release_date": "2007-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-08T18:54:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:kernel-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-0:2.4.18-e.65.src",
            "2.1AS:kernel-doc-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-smp-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-source-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-0:2.4.18-e.65.src",
            "2.1AW:kernel-doc-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-smp-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0673"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Bluetooth setsockopt() information leaks"
    },
    {
      "cve": "CVE-2007-1592",
      "discovery_date": "2007-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "243258"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "IPv6 oops triggerable by any user",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:kernel-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-0:2.4.18-e.65.src",
          "2.1AS:kernel-doc-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-smp-0:2.4.18-e.65.ia64",
          "2.1AS:kernel-source-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-0:2.4.18-e.65.src",
          "2.1AW:kernel-doc-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-smp-0:2.4.18-e.65.ia64",
          "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1592"
        },
        {
          "category": "external",
          "summary": "RHBZ#243258",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243258"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1592",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1592"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1592",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1592"
        }
      ],
      "release_date": "2007-03-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-08T18:54:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "2.1AS:kernel-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-0:2.4.18-e.65.src",
            "2.1AS:kernel-doc-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-smp-0:2.4.18-e.65.ia64",
            "2.1AS:kernel-source-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-0:2.4.18-e.65.src",
            "2.1AW:kernel-doc-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-smp-0:2.4.18-e.65.ia64",
            "2.1AW:kernel-source-0:2.4.18-e.65.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0673"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "IPv6 oops triggerable by any user"
    }
  ]
}

