CVE-2007-3104

Null pointer to an inode in a dentry can cause an oops in sysfs_readdir

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.

La función sysfs_readdir en el kernel de Linux versión 2.6, tal y como es usada en Red Hat Enterprise Linux (RHEL) versión 4.5 y otras distribuciones, permite a usuarios causar una denegación de servicio (OOPS del kernel) desreferenciando un puntero null para un inodo en un dentry.

The Linux 2.6 kernel series suffers from multiple vulnerabilities. A flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional privileges. A flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. It was discovered that certain setuid-root processes did not correctly reset process death signal handlers. A local user could manipulate this to send signals to processes they would not normally have access to. The Direct Rendering Manager for the i915 driver could be made to write to arbitrary memory locations. An attacker with access to a running X11 session could send a specially crafted buffer and gain root privileges. It was discovered that the aacraid SCSI driver did not correctly check permissions on certain ioctls. A local attacker could cause a denial of service or gain privileges.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-06-07 CVE Reserved
2007-06-26 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (23)

URL	Tag	Source
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242558	X_refsource_misc
http://osvdb.org/37115	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm	X_refsource_confirm
http://www.securityfocus.com/bid/24631	Vdb Entry
http://www.securitytracker.com/id?1018289	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11233	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html	2017-10-11
http://rhn.redhat.com/errata/RHSA-2007-0488.html	2017-10-11
http://secunia.com/advisories/25771	2017-10-11
http://secunia.com/advisories/25838	2017-10-11
http://secunia.com/advisories/26289	2017-10-11
http://secunia.com/advisories/26643	2017-10-11
http://secunia.com/advisories/26651	2017-10-11
http://secunia.com/advisories/27912	2017-10-11
http://secunia.com/advisories/28033	2017-10-11
http://secunia.com/advisories/28643	2017-10-11
http://www.debian.org/security/2007/dsa-1428	2017-10-11
http://www.redhat.com/support/errata/RHSA-2008-0089.html	2017-10-11
http://www.ubuntu.com/usn/usn-508-1	2017-10-11
http://www.ubuntu.com/usn/usn-509-1	2017-10-11
http://www.ubuntu.com/usn/usn-510-1	2017-10-11
https://access.redhat.com/security/cve/CVE-2007-3104	2008-01-23
https://bugzilla.redhat.com/show_bug.cgi?id=427994	2008-01-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	2.6.0 Search vendor "Linux" for product "Linux Kernel" and version "2.6.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	4.5 Search vendor "Redhat" for product "Enterprise Linux" and version "4.5"	-	Safe