#VU92866 Memory corruption in Linux kernel - CVE-2007-3105

Cybersecurity Help s.r.o.

Published: 2007-07-28 | Updated: 2023-02-13

Vulnerability identifier: #VU92866

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2007-3105

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to read and manipulate data.

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving 'bound check ordering'. NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log
https://issues.rpath.com/browse/RPL-1650
https://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
https://www.debian.org/security/2007/dsa-1363
https://www.mandriva.com/security/advisories?name=MDKSA-2007:196
https://www.mandriva.com/security/advisories?name=MDKSA-2007:195
https://www.mandriva.com/security/advisories?name=MDKSA-2007:216
https://www.redhat.com/support/errata/RHSA-2007-0940.html
https://www.redhat.com/support/errata/RHSA-2007-0939.html
https://www.novell.com/linux/security/advisories/2007_51_kernel.html
https://www.novell.com/linux/security/advisories/2007_53_kernel.html
https://www.ubuntu.com/usn/usn-510-1
https://www.ubuntu.com/usn/usn-508-1
https://www.ubuntu.com/usn/usn-509-1
https://www.securityfocus.com/bid/25348
https://secunia.com/advisories/26500
https://secunia.com/advisories/26647
https://secunia.com/advisories/26643
https://secunia.com/advisories/26651
https://secunia.com/advisories/27322
https://secunia.com/advisories/27436
https://secunia.com/advisories/26664
https://secunia.com/advisories/27212
https://secunia.com/advisories/27227
https://secunia.com/advisories/27747
https://www.debian.org/security/2008/dsa-1504
https://secunia.com/advisories/29058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Memory corruption in Linux kernel