4.6

CVE-2007-3105

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering".  NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 2.6.22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.36
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/29058
Vendor Advisory
http://secunia.com/advisories/26651
Vendor Advisory
http://www.ubuntu.com/usn/usn-508-1
http://secunia.com/advisories/27227
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.debian.org/security/2008/dsa-1504
http://secunia.com/advisories/27436
Vendor Advisory
http://secunia.com/advisories/27747
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://secunia.com/advisories/26647
Vendor Advisory
http://www.debian.org/security/2007/dsa-1363
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
http://secunia.com/advisories/26664
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
http://www.ubuntu.com/usn/usn-510-1
http://secunia.com/advisories/26643
Vendor Advisory
http://www.ubuntu.com/usn/usn-509-1
http://secunia.com/advisories/27212
Vendor Advisory
http://secunia.com/advisories/27322
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://secunia.com/advisories/26500
Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log
http://www.securityfocus.com/bid/25348
https://issues.rpath.com/browse/RPL-1650
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371