Detections
Analytics
Fedora 7 : kernel-2.6.23.8-34.fc7 (2007-3751)
high Nessus Plugin ID 29264
Synopsis
The remote Fedora host is missing a security update.Description
Update to kernel 2.6.23.9-rc1:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.4 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.5 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.6 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8
CVE-2007-5501: The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.24-rc2 and earlier allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
CVE-2007-5500: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.
Additional fixes: Major wireless updates. Fix oops in netfilter NAT module (#259501) libata: fix resume on some systems libata: fix pata_serverworks with some drive combinations Initial FireWire OHCI 1.0 Isochronous Receive support (#344851) Disable USB autosuspend by default. Fix oops in CIFS when mounting a filesystem a second time.
Restore platform module autoloading, e.g. pcspkr. Fix failure to boot on 486DX4 (and possibily other CPUs.)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?6f4e90bf
http://www.nessus.org/u?8b5739f4
http://www.nessus.org/u?dfaed5ff
http://www.nessus.org/u?bda3e1fe
http://www.nessus.org/u?00091f6b
https://bugzilla.redhat.com/show_bug.cgi?id=259501
https://bugzilla.redhat.com/show_bug.cgi?id=344851
http://www.nessus.org/u?67eef7de
Plugin Details
Severity: High
ID: 29264
File Name: fedora_2007-3751.nasl
Version: 1.19
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 12/11/2007
Updated: 1/11/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:kernel, p-cpe:/a:fedoraproject:fedora:kernel-pae, p-cpe:/a:fedoraproject:fedora:kernel-pae-debug, p-cpe:/a:fedoraproject:fedora:kernel-pae-debug-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-pae-debug-devel, p-cpe:/a:fedoraproject:fedora:kernel-pae-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-pae-devel, p-cpe:/a:fedoraproject:fedora:kernel-debug, p-cpe:/a:fedoraproject:fedora:kernel-debug-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-debug-devel, p-cpe:/a:fedoraproject:fedora:kernel-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-debuginfo-common, p-cpe:/a:fedoraproject:fedora:kernel-devel, p-cpe:/a:fedoraproject:fedora:kernel-doc, p-cpe:/a:fedoraproject:fedora:kernel-headers, cpe:/o:fedoraproject:fedora:7
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/6/2007
Reference Information
CVE: CVE-2007-5500, CVE-2007-5501