Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BID:23333
Info
Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
| Bugtraq ID: | 23333 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-1217 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 05 2007 12:00AM |
| Updated: | Nov 15 2007 12:39AM |
| Credit: | John Hughes is credited with the discovery of this vulnerability. |
| Vulnerable: |
Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 Linux kernel 2.6.20 Linux kernel 2.6.19 .2 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 -rc4 Linux kernel 2.6.19 -rc3 Linux kernel 2.6.19 -rc2 Linux kernel 2.6.19 -rc1 Linux kernel 2.6.19 Linux kernel 2.6.18 .4 Linux kernel 2.6.18 .3 Linux kernel 2.6.18 .1 Linux kernel 2.6.18 Linux kernel 2.6.17 .9 Linux kernel 2.6.17 .8 Linux kernel 2.6.17 .7 Linux kernel 2.6.17 .6 Linux kernel 2.6.17 .5 Linux kernel 2.6.17 .4 Linux kernel 2.6.17 .3 Linux kernel 2.6.17 .2 Linux kernel 2.6.17 .14 Linux kernel 2.6.17 .13 Linux kernel 2.6.17 .12 Linux kernel 2.6.17 .11 Linux kernel 2.6.17 .10 Linux kernel 2.6.17 .1 Linux kernel 2.6.17 -rc5 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.16 27 Linux kernel 2.6.16 13 Linux kernel 2.6.16 .9 Linux kernel 2.6.16 .8 Linux kernel 2.6.16 .7 Linux kernel 2.6.16 .5 Linux kernel 2.6.16 .4 Linux kernel 2.6.16 .3 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .21 Linux kernel 2.6.16 .2 Linux kernel 2.6.16 .19 Linux kernel 2.6.16 .18 Linux kernel 2.6.16 .17 Linux kernel 2.6.16 .16 Linux kernel 2.6.16 .12 Linux kernel 2.6.16 .11 Linux kernel 2.6.16 .1 Linux kernel 2.6.16 -rc1 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.15 .6 Linux kernel 2.6.15 .4 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc6 Linux kernel 2.6.15 -rc5 Linux kernel 2.6.15 -rc4 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .3 Linux kernel 2.6.14 .2 Linux kernel 2.6.14 .1 Linux kernel 2.6.14 -rc4 Linux kernel 2.6.14 -rc3 Linux kernel 2.6.14 -rc2 Linux kernel 2.6.14 -rc1 Linux kernel 2.6.14 Linux kernel 2.6.14 Linux kernel 2.6.13 .4 Linux kernel 2.6.13 .3 Linux kernel 2.6.13 .2 Linux kernel 2.6.13 .1 Linux kernel 2.6.13 -rc7 Linux kernel 2.6.13 -rc6 Linux kernel 2.6.13 -rc4 Linux kernel 2.6.13 -rc1 Linux kernel 2.6.13 Linux kernel 2.6.13 Linux kernel 2.6.12 .6 Linux kernel 2.6.12 .5 Linux kernel 2.6.12 .4 Linux kernel 2.6.12 .3 Linux kernel 2.6.12 .22 Linux kernel 2.6.12 .2 Linux kernel 2.6.12 .12 Linux kernel 2.6.12 .1 Linux kernel 2.6.12 -rc5 Linux kernel 2.6.12 -rc4 Linux kernel 2.6.12 -rc1 Linux kernel 2.6.12 Linux kernel 2.6.12 Linux kernel 2.6.11 .8 Linux kernel 2.6.11 .7 Linux kernel 2.6.11 .6 Linux kernel 2.6.11 .5 Linux kernel 2.6.11 .4 Linux kernel 2.6.11 .12 Linux kernel 2.6.11 .11 Linux kernel 2.6.11 -rc4 Linux kernel 2.6.11 -rc3 Linux kernel 2.6.11 -rc2 Linux kernel 2.6.11 Linux kernel 2.6.11 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 Linux kernel 2.6.10 Linux kernel 2.6.9 Linux kernel 2.6.18 Linux kernel 2.6.15.5 Linux kernel 2.6.15.11 Linux kernel 2.6.11.4 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya SES 3.1 Avaya SES 3.0 Avaya SES 2.0 Avaya Messaging Storage Server MSS 3.0 Avaya Message Networking MN 3.1 Avaya EMMC 1.017 Avaya Communication Manager 3.0 Avaya CCS 3.1 Avaya CCS 3.0 Avaya CCS 2.0 Avaya AES 4.0 |
| Not Vulnerable: |
Linux kernel 2.6.20-2 |
Discussion
Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.
This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils' utilities.
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.
This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils' utilities.
Exploit / POC
Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
Solution:
The vendor released a patch to address this issue. Please see the references for more information.
Solution:
The vendor released a patch to address this issue. Please see the references for more information.
References
Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
References:
References:
- RHSA-2007:0673-2 - Important: kernel security update (RedHat)
- ASA-2007-384 - kernel security and bugfix update (RHSA-2007-0774) (Avaya)
- ASA-2007-404 - kernel security update (RHSA-2007-0672) (Avaya)
- Linux Kernel Homepage (Linux Kernel)
- RHSA-2007:0671-2: kernel security and bugfix update (Red Hat)
- RHSA-2007:0672-2 kernel security update (Red Hat)
- RHSA-2007:0705-2 kernel security update (Red Hat)
- RHSA-2007:0774-4 kernel security and bugfix update (Red Hat)