CVE-2007-4573

high

Description

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

References

http://fedoranews.org/updates/FEDORA-2007-229.shtml

http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3

http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

http://lkml.org/lkml/2007/9/21/512

http://lkml.org/lkml/2007/9/21/513

http://marc.info/?l=full-disclosure&m=119062587407908&w=2

http://secunia.com/advisories/26917

http://secunia.com/advisories/26919

http://secunia.com/advisories/26934

http://secunia.com/advisories/26953

http://secunia.com/advisories/26955

http://secunia.com/advisories/26978

http://secunia.com/advisories/26994

http://secunia.com/advisories/26995

http://secunia.com/advisories/27212

http://secunia.com/advisories/27227

http://secunia.com/advisories/27912

http://secunia.com/advisories/29058

http://securitytracker.com/id?1018748

http://www.debian.org/security/2007/dsa-1378

http://www.debian.org/security/2007/dsa-1381

http://www.debian.org/security/2008/dsa-1504

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7

http://www.mandriva.com/security/advisories?name=MDKSA-2007:195

http://www.mandriva.com/security/advisories?name=MDKSA-2007:196

http://www.mandriva.com/security/advisories?name=MDVSA-2008:008

http://www.mandriva.com/security/advisories?name=MDVSA-2008:105

http://www.novell.com/linux/security/advisories/2007_53_kernel.html

http://www.redhat.com/support/errata/RHSA-2007-0936.html

http://www.redhat.com/support/errata/RHSA-2007-0937.html

http://www.redhat.com/support/errata/RHSA-2007-0938.html

http://www.securityfocus.com/archive/1/480451/100/0/threaded

http://www.securityfocus.com/archive/1/480705/100/0/threaded

http://www.securityfocus.com/bid/25774

http://www.ubuntu.com/usn/usn-518-1

http://www.vupen.com/english/advisories/2007/3246

https://issues.rpath.com/browse/RPL-1754

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html

Details

Source: MITRE

Published: 2007-09-24

Updated: 2018-10-15

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:x86_64:*:*:*:*:* versions up to 2.4.35 (inclusive)

cpe:2.3:o:linux:linux_kernel:*:*:x86_64:*:*:*:*:* versions up to 2.6.22.6 (inclusive)

Tenable Plugins


ID | Name | Product | Family | Severity
67579 | Oracle Linux 3 : kernel (ELSA-2007-0938) | Nessus | Oracle Linux Local Security Checks | high
67578 | Oracle Linux 4 : kernel (ELSA-2007-0937) | Nessus | Oracle Linux Local Security Checks | high
67577 | Oracle Linux 5 : kernel (ELSA-2007-0936) | Nessus | Oracle Linux Local Security Checks | high
60258 | Scientific Linux Security Update : kernel on SL5.x, SL4.x, SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
59125 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4745) | Nessus | SuSE Local Security Checks | high
59124 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4472) | Nessus | SuSE Local Security Checks | high
37772 | Mandriva Linux Security Advisory : kernel (MDVSA-2008:105) | Nessus | Mandriva Local Security Checks | high
31148 | Debian DSA-1504-1 : kernel-source-2.6.8 - several vulnerabilities | Nessus | Debian Local Security Checks | high
29880 | openSUSE 10 Security Update : kernel (kernel-4752) | Nessus | SuSE Local Security Checks | high
29489 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4741) | Nessus | SuSE Local Security Checks | high
29488 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4471) | Nessus | SuSE Local Security Checks | high
28123 | Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-source-2.6.15, linux-source-2.6.17, linux-source-2.6.20 vulnerabilities (USN-518-1) | Nessus | Ubuntu Local Security Checks | high
27765 | Fedora 7 : kernel-2.6.22.7-85.fc7 (2007-2298) | Nessus | Fedora Local Security Checks | high
27561 | Mandrake Linux Security Advisory : kernel (MDKSA-2007:195) | Nessus | Mandriva Local Security Checks | high
27299 | openSUSE 10 Security Update : kernel (kernel-4503) | Nessus | SuSE Local Security Checks | high
27298 | openSUSE 10 Security Update : kernel (kernel-4487) | Nessus | SuSE Local Security Checks | high
27297 | openSUSE 10 Security Update : kernel (kernel-4473) | Nessus | SuSE Local Security Checks | high
26906 | RHEL 3 : kernel (RHSA-2007:0938) | Nessus | Red Hat Local Security Checks | high
26905 | RHEL 4 : kernel (RHSA-2007:0937) | Nessus | Red Hat Local Security Checks | high
26904 | RHEL 5 : kernel (RHSA-2007:0936) | Nessus | Red Hat Local Security Checks | high
26211 | Debian DSA-1381-2 : linux-2.6 - several vulnerabilities | Nessus | Debian Local Security Checks | high
26208 | Debian DSA-1378-2 : linux-2.6 - several vulnerabilities | Nessus | Debian Local Security Checks | high
26207 | CentOS 3 : kernel (CESA-2007:0938) | Nessus | CentOS Local Security Checks | high
26206 | CentOS 4 : kernel (CESA-2007:0937) | Nessus | CentOS Local Security Checks | high
26205 | CentOS 5 : kernel (CESA-2007:0936) | Nessus | CentOS Local Security Checks | high
26116 | Fedora Core 6 : kernel-2.6.22.7-57.fc6 (2007-712) | Nessus | Fedora Local Security Checks | high
801438 | CentOS RHSA-2007-0938 Security Check | Log Correlation Engine | Generic | high
801437 | CentOS RHSA-2007-0937 Security Check | Log Correlation Engine | Generic | high
801436 | CentOS RHSA-2007-0936 Security Check | Log Correlation Engine | Generic | high