Lucene search
HistoryMay 07, 2007 - 7:19 p.m.
CVE-2007-1861
cve-2007-1861
linux kernel
denial of service
kernel panic
netlink_fib_lookup
stack overflow
nvd
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
32.5%
The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.
Affected configurations
Node
linuxlinux_kernelRange≤2.6.20.8
ORlinuxlinux_kernelMatch2.6.0
ORlinuxlinux_kernelMatch2.6.1
ORlinuxlinux_kernelMatch2.6.2
ORlinuxlinux_kernelMatch2.6.3
ORlinuxlinux_kernelMatch2.6.4
ORlinuxlinux_kernelMatch2.6.5
ORlinuxlinux_kernelMatch2.6.6
ORlinuxlinux_kernelMatch2.6.7
ORlinuxlinux_kernelMatch2.6.8
ORlinuxlinux_kernelMatch2.6.8.1
ORlinuxlinux_kernelMatch2.6.9
ORlinuxlinux_kernelMatch2.6.10
ORlinuxlinux_kernelMatch2.6.11
ORlinuxlinux_kernelMatch2.6.11.1
ORlinuxlinux_kernelMatch2.6.11.2
ORlinuxlinux_kernelMatch2.6.11.3
ORlinuxlinux_kernelMatch2.6.11.4
ORlinuxlinux_kernelMatch2.6.11.5
ORlinuxlinux_kernelMatch2.6.11.6
ORlinuxlinux_kernelMatch2.6.11.10
ORlinuxlinux_kernelMatch2.6.11.11
ORlinuxlinux_kernelMatch2.6.11.12
ORlinuxlinux_kernelMatch2.6.12
ORlinuxlinux_kernelMatch2.6.12.1
ORlinuxlinux_kernelMatch2.6.12.2
ORlinuxlinux_kernelMatch2.6.12.3
ORlinuxlinux_kernelMatch2.6.12.4
ORlinuxlinux_kernelMatch2.6.12.5
ORlinuxlinux_kernelMatch2.6.12.6
ORlinuxlinux_kernelMatch2.6.13
ORlinuxlinux_kernelMatch2.6.13.1
ORlinuxlinux_kernelMatch2.6.13.2
ORlinuxlinux_kernelMatch2.6.13.3
ORlinuxlinux_kernelMatch2.6.13.4
ORlinuxlinux_kernelMatch2.6.13.5
ORlinuxlinux_kernelMatch2.6.14
ORlinuxlinux_kernelMatch2.6.14.1
ORlinuxlinux_kernelMatch2.6.14.2
ORlinuxlinux_kernelMatch2.6.14.3
ORlinuxlinux_kernelMatch2.6.14.4
ORlinuxlinux_kernelMatch2.6.14.5
ORlinuxlinux_kernelMatch2.6.14.6
ORlinuxlinux_kernelMatch2.6.14.7
ORlinuxlinux_kernelMatch2.6.15
ORlinuxlinux_kernelMatch2.6.15.1
ORlinuxlinux_kernelMatch2.6.15.2
ORlinuxlinux_kernelMatch2.6.15.3
ORlinuxlinux_kernelMatch2.6.15.4
ORlinuxlinux_kernelMatch2.6.15.5
ORlinuxlinux_kernelMatch2.6.15.6
ORlinuxlinux_kernelMatch2.6.15.7
ORlinuxlinux_kernelMatch2.6.16
ORlinuxlinux_kernelMatch2.6.16.1
ORlinuxlinux_kernelMatch2.6.16.2
ORlinuxlinux_kernelMatch2.6.16.3
ORlinuxlinux_kernelMatch2.6.16.4
ORlinuxlinux_kernelMatch2.6.16.5
ORlinuxlinux_kernelMatch2.6.16.6
ORlinuxlinux_kernelMatch2.6.16.7
ORlinuxlinux_kernelMatch2.6.16.8
ORlinuxlinux_kernelMatch2.6.16.9
ORlinuxlinux_kernelMatch2.6.16.10
ORlinuxlinux_kernelMatch2.6.16.11
ORlinuxlinux_kernelMatch2.6.16.12
ORlinuxlinux_kernelMatch2.6.16.13
ORlinuxlinux_kernelMatch2.6.16.14
ORlinuxlinux_kernelMatch2.6.16.15
ORlinuxlinux_kernelMatch2.6.16.16
ORlinuxlinux_kernelMatch2.6.16.17
ORlinuxlinux_kernelMatch2.6.16.18
ORlinuxlinux_kernelMatch2.6.16.19
ORlinuxlinux_kernelMatch2.6.16.20
ORlinuxlinux_kernelMatch2.6.16.21
ORlinuxlinux_kernelMatch2.6.16.22
ORlinuxlinux_kernelMatch2.6.16.23
ORlinuxlinux_kernelMatch2.6.16.24
ORlinuxlinux_kernelMatch2.6.16.25
ORlinuxlinux_kernelMatch2.6.16.26
ORlinuxlinux_kernelMatch2.6.16.27
ORlinuxlinux_kernelMatch2.6.16.28
ORlinuxlinux_kernelMatch2.6.16.29
ORlinuxlinux_kernelMatch2.6.16.30
ORlinuxlinux_kernelMatch2.6.16.31
ORlinuxlinux_kernelMatch2.6.16.32
ORlinuxlinux_kernelMatch2.6.16.33
ORlinuxlinux_kernelMatch2.6.16.34
ORlinuxlinux_kernelMatch2.6.16.35
ORlinuxlinux_kernelMatch2.6.16.36
ORlinuxlinux_kernelMatch2.6.16.37
ORlinuxlinux_kernelMatch2.6.16.38
ORlinuxlinux_kernelMatch2.6.16.39
ORlinuxlinux_kernelMatch2.6.16.40
ORlinuxlinux_kernelMatch2.6.16.41
ORlinuxlinux_kernelMatch2.6.16.42
ORlinuxlinux_kernelMatch2.6.16.43
ORlinuxlinux_kernelMatch2.6.16.44
ORlinuxlinux_kernelMatch2.6.16.45
ORlinuxlinux_kernelMatch2.6.16.46
ORlinuxlinux_kernelMatch2.6.16.47
ORlinuxlinux_kernelMatch2.6.16.48
ORlinuxlinux_kernelMatch2.6.16.49
ORlinuxlinux_kernelMatch2.6.16.50
ORlinuxlinux_kernelMatch2.6.16.51
ORlinuxlinux_kernelMatch2.6.16.52
ORlinuxlinux_kernelMatch2.6.16.53
ORlinuxlinux_kernelMatch2.6.16.54
ORlinuxlinux_kernelMatch2.6.16.55
ORlinuxlinux_kernelMatch2.6.16.56
ORlinuxlinux_kernelMatch2.6.16.57
ORlinuxlinux_kernelMatch2.6.16.58
ORlinuxlinux_kernelMatch2.6.16.59
ORlinuxlinux_kernelMatch2.6.16.60
ORlinuxlinux_kernelMatch2.6.16.61
ORlinuxlinux_kernelMatch2.6.16.62
ORlinuxlinux_kernelMatch2.6.17
ORlinuxlinux_kernelMatch2.6.17.1
ORlinuxlinux_kernelMatch2.6.17.2
ORlinuxlinux_kernelMatch2.6.17.3
ORlinuxlinux_kernelMatch2.6.17.4
ORlinuxlinux_kernelMatch2.6.17.5
ORlinuxlinux_kernelMatch2.6.17.6
ORlinuxlinux_kernelMatch2.6.17.7
ORlinuxlinux_kernelMatch2.6.17.8
ORlinuxlinux_kernelMatch2.6.17.9
ORlinuxlinux_kernelMatch2.6.17.10
ORlinuxlinux_kernelMatch2.6.17.11
ORlinuxlinux_kernelMatch2.6.17.12
ORlinuxlinux_kernelMatch2.6.17.13
ORlinuxlinux_kernelMatch2.6.17.14
ORlinuxlinux_kernelMatch2.6.18
ORlinuxlinux_kernelMatch2.6.18.1
ORlinuxlinux_kernelMatch2.6.18.3
ORlinuxlinux_kernelMatch2.6.18.5
ORlinuxlinux_kernelMatch2.6.18.6
ORlinuxlinux_kernelMatch2.6.18.8
ORlinuxlinux_kernelMatch2.6.19
ORlinuxlinux_kernelMatch2.6.19.2
ORlinuxlinux_kernelMatch2.6.19.3
ORlinuxlinux_kernelMatch2.6.19.4
ORlinuxlinux_kernelMatch2.6.19.5
ORlinuxlinux_kernelMatch2.6.19.6
ORlinuxlinux_kernelMatch2.6.19.7
ORlinuxlinux_kernelMatch2.6.20
ORlinuxlinux_kernelMatch2.6.20.1
ORlinuxlinux_kernelMatch2.6.20.2
ORlinuxlinux_kernelMatch2.6.20.3
ORlinuxlinux_kernelMatch2.6.20.4
ORlinuxlinux_kernelMatch2.6.20.5
ORlinuxlinux_kernelMatch2.6.20.6
ORlinuxlinux_kernelMatch2.6.20.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | 2.6.15.4 | cpe:/o:linux:linux_kernel:2.6.15.4::: |
| linux | linux_kernel | 2.6.16.16 | cpe:/o:linux:linux_kernel:2.6.16.16::: |
| linux | linux_kernel | 2.6.12.1 | cpe:/o:linux:linux_kernel:2.6.12.1::: |
| linux | linux_kernel | 2.6.16.44 | cpe:/o:linux:linux_kernel:2.6.16.44::: |
| linux | linux_kernel | 2.6.14.3 | cpe:/o:linux:linux_kernel:2.6.14.3::: |
| linux | linux_kernel | 2.6.16.57 | cpe:/o:linux:linux_kernel:2.6.16.57::: |
| linux | linux_kernel | 2.6.16.5 | cpe:/o:linux:linux_kernel:2.6.16.5::: |
| linux | linux_kernel | 2.6.16.53 | cpe:/o:linux:linux_kernel:2.6.16.53::: |
| linux | linux_kernel | 2.6.16.28 | cpe:/o:linux:linux_kernel:2.6.16.28::: |
| linux | linux_kernel | 2.6.20.4 | cpe:/o:linux:linux_kernel:2.6.20.4::: |
References
kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.8
secunia.com/advisories/25030
secunia.com/advisories/25083
secunia.com/advisories/25228
secunia.com/advisories/25288
secunia.com/advisories/25691
secunia.com/advisories/25961
secunia.com/advisories/26133
secunia.com/advisories/26139
secunia.com/advisories/26620
www.debian.org/security/2007/dsa-1289
www.mandriva.com/security/advisories?name=MDKSA-2007:171
www.novell.com/linux/security/advisories/2007_43_kernel.html
www.redhat.com/support/errata/RHSA-2007-0347.html
www.securityfocus.com/archive/1/467939/30/6690/threaded
www.securityfocus.com/archive/1/471457
www.securityfocus.com/bid/23677
www.ubuntu.com/usn/usn-486-1
www.ubuntu.com/usn/usn-489-1
www.vupen.com/english/advisories/2007/1595
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237913
exchange.xforce.ibmcloud.com/vulnerabilities/34014
issues.rpath.com/browse/RPL-1309
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11616
Social References
More
Related
cvelist
cvelist
CVE-2007-1861
2007-05-07 19:00:00
nvd
nvd
CVE-2007-1861
2007-05-07 19:19:00
CVE-2007-2436
2007-05-02 10:19:00
securityvulns
securityvulns
Linux netlink DoS
2007-05-09 00:00:00
[USN-489-1] Linux kernel vulnerabilities
2007-07-19 00:00:00
prion
prion
Stack overflow
2007-05-07 19:19:00
Design/Logic Flaw
2007-05-02 10:19:00
ubuntucve
ubuntucve
CVE-2007-1861
2007-05-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:18:29
nessus
nessus
Fedora Core 5 : kernel-2.6.20-1.2316.fc5 (2007-483)
2007-05-02 00:00:00
Fedora Core 6 : kernel-2.6.20-1.2948.fc6 (2007-482)
2007-05-02 00:00:00
Debian DSA-1289-1 : linux-2.6 - several vulnerabilities
2007-05-16 00:00:00
openvas
openvas
Fedora Update for kernel FEDORA-2007-482
2009-02-27 00:00:00
Fedora Update for kernel FEDORA-2007-482
2009-02-27 00:00:00
Debian Security Advisory DSA 1289-1 (linux-2.6)
2008-01-17 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: kernel-2.6.20-1.2948.fc6
2007-05-01 16:21:51
[SECURITY] Fedora Core 5 Update: kernel-2.6.20-1.2316.fc5
2007-05-01 16:32:15
cve
cve
CVE-2007-2436
2007-05-02 10:19:00
debian
debian
osv
osv
linux-2.6
2007-05-13 00:00:00
redhat
redhat
(RHSA-2007:0347) Important: kernel security and bug fix update
2007-05-16 00:00:00
centos
centos
kernel security update
2007-05-20 02:21:06
suse
suse
remote denial of service in kernel
2007-07-09 14:31:09
ubuntu
ubuntu
Linux kernel vulnerabilities
2007-07-18 00:00:00
Linux kernel vulnerabilities
2007-07-19 00:00:00
oraclelinux
oraclelinux
Important: kernel security and bug fix update
2007-06-26 00:00:00
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
32.5%
Related for CVE-2007-1861