Linux Kernel Audit Subsystems Local Denial of Service Vulnerability
BID:22737
| Bugtraq ID: | 22737 |
| Class: | Unknown |
| CVE: | CVE-2007-0001 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 27 2007 12:00AM |
| Updated: | Mar 19 2007 09:54PM |
| Credit: | Steve Grubb is credited with the discovery of this vulnerability. |
| Vulnerable: |
Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 Linux kernel 2.6.20 .1 Linux kernel 2.6.20 Linux kernel 2.6.19 .2 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 -rc4 Linux kernel 2.6.19 -rc3 Linux kernel 2.6.19 -rc2 Linux kernel 2.6.19 -rc1 Linux kernel 2.6.18 .4 Linux kernel 2.6.18 .3 Linux kernel 2.6.18 .1 Linux kernel 2.6.17 .9 Linux kernel 2.6.17 .8 Linux kernel 2.6.17 .7 Linux kernel 2.6.17 .6 Linux kernel 2.6.17 .5 Linux kernel 2.6.17 .4 Linux kernel 2.6.17 .3 Linux kernel 2.6.17 .14 Linux kernel 2.6.17 .13 Linux kernel 2.6.17 .12 Linux kernel 2.6.17 .11 Linux kernel 2.6.17 .10 Linux kernel 2.6.17 .1 Linux kernel 2.6.17 -rc5 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.16 27 Linux kernel 2.6.16 13 Linux kernel 2.6.16 .9 Linux kernel 2.6.16 .8 Linux kernel 2.6.16 .7 Linux kernel 2.6.16 .5 Linux kernel 2.6.16 .4 Linux kernel 2.6.16 .3 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .21 Linux kernel 2.6.16 .2 Linux kernel 2.6.16 .19 Linux kernel 2.6.16 .18 Linux kernel 2.6.16 .17 Linux kernel 2.6.16 .16 Linux kernel 2.6.16 .12 Linux kernel 2.6.16 .11 Linux kernel 2.6.16 .1 Linux kernel 2.6.16 -rc1 Linux kernel 2.6.16 Linux kernel 2.6.15 .6 Linux kernel 2.6.15 .4 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc6 Linux kernel 2.6.15 -rc5 Linux kernel 2.6.15 -rc4 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .3 Linux kernel 2.6.14 .2 Linux kernel 2.6.14 .1 Linux kernel 2.6.14 -rc4 Linux kernel 2.6.14 -rc3 Linux kernel 2.6.14 -rc2 Linux kernel 2.6.14 -rc1 Linux kernel 2.6.14 Linux kernel 2.6.13 .4 Linux kernel 2.6.13 .3 Linux kernel 2.6.13 .2 Linux kernel 2.6.13 .1 Linux kernel 2.6.13 -rc7 Linux kernel 2.6.13 -rc6 Linux kernel 2.6.13 -rc4 Linux kernel 2.6.13 -rc1 Linux kernel 2.6.13 Linux kernel 2.6.12 .6 
Linux kernel 2.6.12 .5 Linux kernel 2.6.12 .4 Linux kernel 2.6.12 .3 Linux kernel 2.6.12 .22 Linux kernel 2.6.12 .2 Linux kernel 2.6.12 .12 Linux kernel 2.6.12 .1 Linux kernel 2.6.12 -rc5 Linux kernel 2.6.12 -rc4 Linux kernel 2.6.12 -rc1 Linux kernel 2.6.12 Linux kernel 2.6.11 .8 Linux kernel 2.6.11 .7 Linux kernel 2.6.11 .6 Linux kernel 2.6.11 .5 Linux kernel 2.6.11 .4 Linux kernel 2.6.11 .12 Linux kernel 2.6.11 .11 Linux kernel 2.6.11 -rc4 Linux kernel 2.6.11 -rc3 Linux kernel 2.6.11 -rc2 Linux kernel 2.6.11 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 Linux kernel 2.6.8 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6 -test9-CVS Linux kernel 2.6 -test9 Linux kernel 2.6 -test8 Linux kernel 2.6 -test7 Linux kernel 2.6 -test6 Linux kernel 2.6 -test5 Linux kernel 2.6 -test4 Linux kernel 2.6 -test3 Linux kernel 2.6 -test2 Linux kernel 2.6 -test11 Linux kernel 2.6 -test10 Linux kernel 2.6 -test1 Linux kernel 2.6 Linux kernel 2.6.8.1 Linux kernel 2.6.20-rc2 Linux kernel 2.6.18 Linux kernel 2.6.15.5 Linux kernel 2.6.15.11 Linux kernel 2.6.11.4 Avaya Messaging Storage Server MM3.0 Avaya AES 4.0 |
| Not Vulnerable: | |
Discussion
The Linux Kernel is prone to a denial-of-service vulnerability.
A local attacker can exploit this issue to crash the kernel.
Linux kernel versions 2.6.x are vulnerable to this issue.
Exploit / POC
A proof of concept is available:
1. auditctl -w /etc/shadow
2. useradd userb
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].