Lucene search

K

[email protected]CVE-2007-2172

HistoryApr 22, 2007 - 7:19 p.m.

CVE-2007-2172

2007-04-2219:19:00

CWE-20

[email protected]

web.nvd.nist.gov

45

cve-2007-2172

linux kernel

out-of-bounds access

security vulnerability

nvd

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.1%

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an “out of bound access” by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

Affected configurations

NVD

Node

linuxlinux_kernelRange2.4.0–2.4.35

OR

linuxlinux_kernelRange2.6.0–2.6.20

OR

linuxlinux_kernelMatch2.6.21git1

OR

linuxlinux_kernelMatch2.6.21git2

OR

linuxlinux_kernelMatch2.6.21git3

OR

linuxlinux_kernelMatch2.6.21git4

OR

linuxlinux_kernelMatch2.6.21git5

OR

linuxlinux_kernelMatch2.6.21git6

OR

linuxlinux_kernelMatch2.6.21git7

OR

linuxlinux_kernelMatch2.6.21rc1

OR

linuxlinux_kernelMatch2.6.21rc2

OR

linuxlinux_kernelMatch2.6.21rc3

OR

linuxlinux_kernelMatch2.6.21rc4

OR

linuxlinux_kernelMatch2.6.21rc5

Node

debiandebian_linuxMatch3.1

OR

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch6.06lts

OR

canonicalubuntu_linuxMatch6.10

OR

canonicalubuntu_linuxMatch7.04

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.4.35
linux:linux_kernellinux linux kernelle2.6.20
linux:linux_kernellinux linux kerneleq2.6.21

References

kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6

rhn.redhat.com/errata/RHSA-2007-0488.html

secunia.com/advisories/25068

secunia.com/advisories/25288

secunia.com/advisories/25392

secunia.com/advisories/25838

secunia.com/advisories/26289

secunia.com/advisories/26450

secunia.com/advisories/26620

secunia.com/advisories/26647

secunia.com/advisories/27913

secunia.com/advisories/29058

secunia.com/advisories/33280

support.avaya.com/elmodocs2/security/ASA-2007-287.htm

www.debian.org/security/2007/dsa-1356

www.debian.org/security/2007/dsa-1363

www.debian.org/security/2008/dsa-1503

www.debian.org/security/2008/dsa-1504

www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35

www.mail-archive.com/git-commits-head%40vger.kernel.org/msg08269.html

www.mail-archive.com/git-commits-head%40vger.kernel.org/msg08270.html

www.mandriva.com/security/advisories?name=MDKSA-2007:171

www.mandriva.com/security/advisories?name=MDKSA-2007:196

www.mandriva.com/security/advisories?name=MDKSA-2007:216

www.redhat.com/support/errata/RHSA-2007-0347.html

www.redhat.com/support/errata/RHSA-2007-1049.html

www.redhat.com/support/errata/RHSA-2008-0787.html

www.securityfocus.com/bid/23447

www.ubuntu.com/usn/usn-464-1

www.vupen.com/english/advisories/2007/2690

exchange.xforce.ibmcloud.com/vulnerabilities/33979

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10764

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.1%

Related for CVE-2007-2172

cvelist1 veracode1 prion1 ubuntucve1 securityvulns3 nvd1 openvas29 nessus19 debian5 oraclelinux3 redhat5 osv5 centos4 ubuntu1