CVE-2007-4573

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-4573
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://fedoranews.org/updates/FEDORA-2007-229.shtml
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
http://lkml.org/lkml/2007/9/21/512 Patch
http://lkml.org/lkml/2007/9/21/513
http://marc.info/?l=full-disclosure&m=119062587407908&w=2
http://secunia.com/advisories/26917
http://secunia.com/advisories/26919
http://secunia.com/advisories/26934
http://secunia.com/advisories/26953
http://secunia.com/advisories/26955
http://secunia.com/advisories/26978
http://secunia.com/advisories/26994
http://secunia.com/advisories/26995
http://secunia.com/advisories/27212
http://secunia.com/advisories/27227
http://secunia.com/advisories/27912
http://secunia.com/advisories/29058
http://securitytracker.com/id?1018748
http://www.debian.org/security/2007/dsa-1378
http://www.debian.org/security/2007/dsa-1381
http://www.debian.org/security/2008/dsa-1504
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.redhat.com/support/errata/RHSA-2007-0936.html
http://www.redhat.com/support/errata/RHSA-2007-0937.html
http://www.redhat.com/support/errata/RHSA-2007-0938.html
http://www.securityfocus.com/archive/1/480451/100/0/threaded
http://www.securityfocus.com/archive/1/480705/100/0/threaded
http://www.securityfocus.com/bid/25774
http://www.ubuntu.com/usn/usn-518-1
http://www.vupen.com/english/advisories/2007/3246
https://issues.rpath.com/browse/RPL-1754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html
http://fedoranews.org/updates/FEDORA-2007-229.shtml
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
http://lkml.org/lkml/2007/9/21/512 Patch
http://lkml.org/lkml/2007/9/21/513
http://marc.info/?l=full-disclosure&m=119062587407908&w=2
http://secunia.com/advisories/26917
http://secunia.com/advisories/26919
http://secunia.com/advisories/26934
http://secunia.com/advisories/26953
http://secunia.com/advisories/26955
http://secunia.com/advisories/26978
http://secunia.com/advisories/26994
http://secunia.com/advisories/26995
http://secunia.com/advisories/27212
http://secunia.com/advisories/27227
http://secunia.com/advisories/27912
http://secunia.com/advisories/29058
http://securitytracker.com/id?1018748
http://www.debian.org/security/2007/dsa-1378
http://www.debian.org/security/2007/dsa-1381
http://www.debian.org/security/2008/dsa-1504
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.redhat.com/support/errata/RHSA-2007-0936.html
http://www.redhat.com/support/errata/RHSA-2007-0937.html
http://www.redhat.com/support/errata/RHSA-2007-0938.html
http://www.securityfocus.com/archive/1/480451/100/0/threaded
http://www.securityfocus.com/archive/1/480705/100/0/threaded
http://www.securityfocus.com/bid/25774
http://www.ubuntu.com/usn/usn-518-1
http://www.vupen.com/english/advisories/2007/3246
https://issues.rpath.com/browse/RPL-1754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:x86_64:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:x86_64:*:*:*:*:*
History

21 Nov 2024, 00:35

Type Values Removed Values Added
References () http://fedoranews.org/updates/FEDORA-2007-229.shtml - () http://fedoranews.org/updates/FEDORA-2007-229.shtml -
References () http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3 - () http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3 -
References () http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html -
References () http://lkml.org/lkml/2007/9/21/512 - Patch () http://lkml.org/lkml/2007/9/21/512 - Patch
References () http://lkml.org/lkml/2007/9/21/513 - () http://lkml.org/lkml/2007/9/21/513 -
References () http://marc.info/?l=full-disclosure&m=119062587407908&w=2 - () http://marc.info/?l=full-disclosure&m=119062587407908&w=2 -
References () http://secunia.com/advisories/26917 - () http://secunia.com/advisories/26917 -
References () http://secunia.com/advisories/26919 - () http://secunia.com/advisories/26919 -
References () http://secunia.com/advisories/26934 - () http://secunia.com/advisories/26934 -
References () http://secunia.com/advisories/26953 - () http://secunia.com/advisories/26953 -
References () http://secunia.com/advisories/26955 - () http://secunia.com/advisories/26955 -
References () http://secunia.com/advisories/26978 - () http://secunia.com/advisories/26978 -
References () http://secunia.com/advisories/26994 - () http://secunia.com/advisories/26994 -
References () http://secunia.com/advisories/26995 - () http://secunia.com/advisories/26995 -
References () http://secunia.com/advisories/27212 - () http://secunia.com/advisories/27212 -
References () http://secunia.com/advisories/27227 - () http://secunia.com/advisories/27227 -
References () http://secunia.com/advisories/27912 - () http://secunia.com/advisories/27912 -
References () http://secunia.com/advisories/29058 - () http://secunia.com/advisories/29058 -
References () http://securitytracker.com/id?1018748 - () http://securitytracker.com/id?1018748 -
References () http://www.debian.org/security/2007/dsa-1378 - () http://www.debian.org/security/2007/dsa-1378 -
References () http://www.debian.org/security/2007/dsa-1381 - () http://www.debian.org/security/2007/dsa-1381 -
References () http://www.debian.org/security/2008/dsa-1504 - () http://www.debian.org/security/2008/dsa-1504 -
References () http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7 - () http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:195 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:195 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:008 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:008 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:105 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:105 -
References () http://www.novell.com/linux/security/advisories/2007_53_kernel.html - () http://www.novell.com/linux/security/advisories/2007_53_kernel.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0936.html - () http://www.redhat.com/support/errata/RHSA-2007-0936.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0937.html - () http://www.redhat.com/support/errata/RHSA-2007-0937.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0938.html - () http://www.redhat.com/support/errata/RHSA-2007-0938.html -
References () http://www.securityfocus.com/archive/1/480451/100/0/threaded - () http://www.securityfocus.com/archive/1/480451/100/0/threaded -
References () http://www.securityfocus.com/archive/1/480705/100/0/threaded - () http://www.securityfocus.com/archive/1/480705/100/0/threaded -
References () http://www.securityfocus.com/bid/25774 - () http://www.securityfocus.com/bid/25774 -
References () http://www.ubuntu.com/usn/usn-518-1 - () http://www.ubuntu.com/usn/usn-518-1 -
References () http://www.vupen.com/english/advisories/2007/3246 - () http://www.vupen.com/english/advisories/2007/3246 -
References () https://issues.rpath.com/browse/RPL-1754 - () https://issues.rpath.com/browse/RPL-1754 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735 -
References () https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html - () https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html -
Information

Published : 2007-09-24 22:17

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4573

Mitre link : CVE-2007-4573

CVE.ORG link : CVE-2007-4573

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-264

Permissions, Privileges, and Access Controls


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024