// For flags

CVE-2007-3105

Bound check ordering issue in random driver

Severity Score

4.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.

Desbordamiento de búfer basado en pila en la implementación del generador de números aleatorios (RNG) en el kernel de Linux versiones anteriores a 2.6.22 podría permitir a usuarios root locales provocar una denegación de servicio o obtener privilegios al asignar valor al umbral por defecto del despertado (wakeup) a un valor mayor que el tamaño de la cola de salida, que dispara la escritura de números aleatorios a la pila por la función de transferencia de cola involucrando "comprobación de límites de ordenación".
NOTA: Esta vulnerabilidad podría solamente cruzar límites de privilegios en entornos que tienen asignación granular de privilegios para root.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-06-07 CVE Reserved
  • 2007-07-27 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (30)
URL Tag Source
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log X_refsource_confirm
http://www.securityfocus.com/bid/25348 Vdb Entry
https://issues.rpath.com/browse/RPL-1650 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://secunia.com/advisories/26500 2023-11-07
http://secunia.com/advisories/26643 2023-11-07
http://secunia.com/advisories/26647 2023-11-07
http://secunia.com/advisories/26651 2023-11-07
http://secunia.com/advisories/26664 2023-11-07
http://secunia.com/advisories/27212 2023-11-07
http://secunia.com/advisories/27227 2023-11-07
http://secunia.com/advisories/27322 2023-11-07
http://secunia.com/advisories/27436 2023-11-07
http://secunia.com/advisories/27747 2023-11-07
http://secunia.com/advisories/29058 2023-11-07
http://www.debian.org/security/2007/dsa-1363 2023-11-07
http://www.debian.org/security/2008/dsa-1504 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216 2023-11-07
http://www.novell.com/linux/security/advisories/2007_51_kernel.html 2023-11-07
http://www.novell.com/linux/security/advisories/2007_53_kernel.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-0939.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-0940.html 2023-11-07
http://www.ubuntu.com/usn/usn-508-1 2023-11-07
http://www.ubuntu.com/usn/usn-509-1 2023-11-07
http://www.ubuntu.com/usn/usn-510-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2007-3105 2007-10-22
https://bugzilla.redhat.com/show_bug.cgi?id=248325 2007-10-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 2.6.22
Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.22"
-
Affected