National Cyber-Alert System
Vulnerability Summary for CVE-2007-3731
Original release date:09/17/2007
Last revised:11/15/2008
Source:
US-CERT/NIST
Overview
The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function.
Impact
CVSS Severity (version 2.0):
Impact Subscore:
6.9
Exploitability Subscore:
3.9
CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type:Allows disruption of serviceUnknown
- Official Statement from Red Hat (10/18/2007)
-
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=248324
Type: Patch Information
External Source: UBUNTU
Name: USN-518-1
External Source: BID
Name: 25801
External Source: REDHAT
Name: RHSA-2007:0940
External Source: DEBIAN
Name: DSA-1378
External Source: SECUNIA
Name: 27322
External Source: SECUNIA
Name: 26978
External Source: SECUNIA
Name: 26955
External Source: SECUNIA
Name: 26935
External Source: OSVDB
Name: 37286
External Source: CONFIRM
Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a10d9a71bafd3a283da240d2868e71346d2aef6f
External Source: CONFIRM
Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=29eb51101c02df517ca64ec472d7501127ad1da8
External Source: MISC
Name: http://bugzilla.kernel.org/show_bug.cgi?id=8765
External Source: CONFIRM
Name: https://issues.rpath.com/browse/RPL-2304
External Source: BUGTRAQ
Name: 20080229 rPSA-2008-0094-1 kernel
External Source: CONFIRM
Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094
External Source: SECUNIA
Name: 29159