ID

VAR-200710-0169


CVE

CVE-2007-3850


TITLE

Information disclosure vulnerability in the eHCA driver of the Linux kernel running on PowerPC

Trust: 0.8

sources: JVNDB: JVNDB-2007-000900

DESCRIPTION

The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. The Linux kernel is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain a portion of the physical address space. Information harvested may aid in further attacks.

TITLE: Red Hat update for kernel
SECUNIA ADVISORY ID: SA27322
VERIFY ADVISORY: http://secunia.com/advisories/27322/
CRITICAL: Moderately critical
IMPACT: Security Bypass, DoS
WHERE: From remote
OPERATING SYSTEM:
Red Hat Enterprise Linux (v. 5 server) http://secunia.com/product/13652/
Red Hat Enterprise Linux Desktop (v. 5 client) http://secunia.com/product/13653/
DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and to cause a DoS (Denial of Service), and by malicious people to cause a DoS.
For more information: SA25594 SA25895 SA26322 SA26935
SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com
ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2007-0940.html
OTHER REFERENCES:
SA25594: http://secunia.com/advisories/25594/
SA25895: http://secunia.com/advisories/25895/
SA26322: http://secunia.com/advisories/26322/
SA26935: http://secunia.com/advisories/26935/

Trust: 2.07

sources: NVD: CVE-2007-3850 // JVNDB: JVNDB-2007-000900 // BID: 26161 // VULHUB: VHN-27212 // PACKETSTORM: 60246

AFFECTED PRODUCTS

vendor: linux, model: kernel, scope: lte, version: 2.6.21

Trust: 1.0

vendor: linux, model: kernel, scope: eq, version: 2.6.22

Trust: 0.8

vendor: cybertrust, model: asianux server, scope: eq, version: 3 (x86-64)

Trust: 0.8

vendor: linux, model: kernel, scope: lt, version: version

Trust: 0.8

vendor: red hat, model: enterprise linux, scope: eq, version: 5 (server)

Trust: 0.8

vendor: red hat, model: enterprise linux desktop, scope: eq, version: 5.0 (client)

Trust: 0.8

vendor: cybertrust, model: asianux server, scope: eq, version: 3 (x86)

Trust: 0.8

vendor: linux, model: kernel, scope: eq, version: 2.6.21

Trust: 0.6

vendor: redhat, model: enterprise linux desktop client, scope: eq, version: 5

Trust: 0.3

vendor: redhat, model: enterprise linux server, scope: eq, version: 5

Trust: 0.3

vendor: linux, model: kernel, scope: eq, version: 2.6.18.4

Trust: 0.3

vendor: linux, model: kernel, scope: eq, version: 2.6.18.3

Trust: 0.3

vendor: linux, model: kernel, scope: eq, version: 2.6.18.1

Trust: 0.3

vendor: linux, model: kernel, scope: eq, version: 2.6.18

Trust: 0.3

sources: BID: 26161 // JVNDB: JVNDB-2007-000900 // CNNVD: CNNVD-200710-445 // NVD: CVE-2007-3850

CVSS

SEVERITY

nvd@nist.gov: CVE-2007-3850
value: LOW

Trust: 1.0

NVD: CVE-2007-3850
value: LOW

Trust: 0.8

CNNVD: CNNVD-200710-445
value: LOW

Trust: 0.6

VULHUB: VHN-27212
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2007-3850
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27212
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27212 // JVNDB: JVNDB-2007-000900 // CNNVD: CNNVD-200710-445 // NVD: CVE-2007-3850

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-DesignError

Trust: 0.8

sources: VULHUB: VHN-27212 // JVNDB: JVNDB-2007-000900 // NVD: CVE-2007-3850

THREAT TYPE

local

Trust: 1.0

sources: BID: 26161 // PACKETSTORM: 60246 // CNNVD: CNNVD-200710-445

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200710-445

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000900

PATCH

title: kernel-2.6.18-8.12AX, url: https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=58

Trust: 0.8

title: ChangeLog-2.6.22, url: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

Trust: 0.8

title: RHSA-2007:0940, url: https://rhn.redhat.com/errata/RHSA-2007-0940.html

Trust: 0.8

title: RHSA-2007:0940, url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0940J.html

Trust: 0.8

title: Linux kernel Repair measures for information disclosure vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=236301

Trust: 0.6

sources: JVNDB: JVNDB-2007-000900 // CNNVD: CNNVD-200710-445

EXTERNAL IDS

db: NVD, id: CVE-2007-3850

Trust: 2.8

db: BID, id: 26161

Trust: 2.8

db: SECUNIA, id: 27322

Trust: 1.8

db: OSVDB, id: 45488

Trust: 1.7

db: JVNDB, id: JVNDB-2007-000900

Trust: 0.8

db: CNNVD, id: CNNVD-200710-445

Trust: 0.6

db: VULHUB, id: VHN-27212

Trust: 0.1

db: PACKETSTORM, id: 60246

Trust: 0.1

sources: VULHUB: VHN-27212 // BID: 26161 // JVNDB: JVNDB-2007-000900 // PACKETSTORM: 60246 // CNNVD: CNNVD-200710-445 // NVD: CVE-2007-3850

REFERENCES

url:http://www.securityfocus.com/bid/26161

Trust: 2.5

url:http://rhn.redhat.com/errata/rhsa-2007-0940.html

Trust: 2.1

url:http://secunia.com/advisories/27322

Trust: 1.7

url:http://osvdb.org/45488

Trust: 1.7

url:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3ba=commit%3bh=721151d004dcf01a71b12bb6b893f9160284cf6e

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10793

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3850

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3850

Trust: 0.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=308811

Trust: 0.3

url:http://www.kernel.org/

Trust: 0.3

url:http://secunia.com/advisories/26322/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/13652/

Trust: 0.1

url:http://secunia.com/advisories/26935/

Trust: 0.1

url:http://secunia.com/advisories/25895/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://rhn.redhat.com

Trust: 0.1

url:http://secunia.com/advisories/25594/

Trust: 0.1

url:http://secunia.com/advisories/27322/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/13653/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-27212 // BID: 26161 // JVNDB: JVNDB-2007-000900 // PACKETSTORM: 60246 // CNNVD: CNNVD-200710-445 // NVD: CVE-2007-3850

CREDITS

This issue was disclosed in the referenced Red Hat advisory.

Trust: 0.9

sources: BID: 26161 // CNNVD: CNNVD-200710-445

SOURCES

db: VULHUB, id: VHN-27212
db: BID, id: 26161
db: JVNDB, id: JVNDB-2007-000900
db: PACKETSTORM, id: 60246
db: CNNVD, id: CNNVD-200710-445
db: NVD, id: CVE-2007-3850

LAST UPDATE DATE

2024-08-14T13:00:33.904000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-27212, date: 2023-02-13T00:00:00
db: BID, id: 26161, date: 2007-10-24T19:36:00
db: JVNDB, id: JVNDB-2007-000900, date: 2007-12-19T00:00:00
db: CNNVD, id: CNNVD-200710-445, date: 2023-05-09T00:00:00
db: NVD, id: CVE-2007-3850, date: 2023-02-13T02:18:12.537

SOURCES RELEASE DATE

db: VULHUB, id: VHN-27212, date: 2007-10-23T00:00:00
db: BID, id: 26161, date: 2007-10-22T00:00:00
db: JVNDB, id: JVNDB-2007-000900, date: 2007-11-06T00:00:00
db: PACKETSTORM, id: 60246, date: 2007-10-22T18:39:08
db: CNNVD, id: CNNVD-200710-445, date: 2007-10-23T00:00:00
db: NVD, id: CVE-2007-3850, date: 2007-10-23T10:46:00