[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-4573Date: (C)2007-09-24   (M)2023-12-22


The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1018748
http://marc.info/?l=full-disclosure&m=119062587407908&w=2
http://www.securityfocus.com/archive/1/480451/100/0/threaded
http://www.securityfocus.com/archive/1/480705/100/0/threaded
BID-25774
SECUNIA-26917
SECUNIA-26919
SECUNIA-26934
SECUNIA-26953
SECUNIA-26955
SECUNIA-26978
SECUNIA-26994
SECUNIA-26995
SECUNIA-27212
SECUNIA-27227
SECUNIA-27912
SECUNIA-29058
ADV-2007-3246
DSA-1378
DSA-1381
DSA-1504
FEDORA-2007-2298
FEDORA-2007-712
MDKSA-2007:195
MDKSA-2007:196
MDVSA-2008:008
MDVSA-2008:105
RHSA-2007:0936
RHSA-2007:0937
RHSA-2007:0938
SUSE-SA:2007:053
SUSE-SA:2007:064
USN-518-1
http://lkml.org/lkml/2007/9/21/512
http://lkml.org/lkml/2007/9/21/513
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7
https://issues.rpath.com/browse/RPL-1754
oval:org.mitre.oval:def:9735

CWE    1
CWE-264
OVAL    2
oval:org.mitre.oval:def:8130
oval:org.secpod.oval:def:301365

© SecPod Technologies