4.6
CVE-2007-3105
- EPSS 0.45%
- Veröffentlicht 27.07.2007 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:04
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 2.6.22
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.36 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/29058
http://secunia.com/advisories/26651
http://www.ubuntu.com/usn/usn-508-1
http://secunia.com/advisories/27227
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.debian.org/security/2008/dsa-1504
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://secunia.com/advisories/26647
http://www.debian.org/security/2007/dsa-1363
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
http://secunia.com/advisories/26664
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
http://www.ubuntu.com/usn/usn-510-1
http://secunia.com/advisories/26643
http://www.ubuntu.com/usn/usn-509-1
http://secunia.com/advisories/27212
http://secunia.com/advisories/27322
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://secunia.com/advisories/26500
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log
http://www.securityfocus.com/bid/25348
https://issues.rpath.com/browse/RPL-1650
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371