CVE-2007-3731

NULL pointer dereference triggered by ptrace

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function.

El kernel de Linux 2.6.20 y 2.6.21 no maneja de forma adecuada un segmento de selección LDT no válido en %cs (el campo xcs)a lo largo de las operaciones paso-simple ptrace, lo caul permite a usuarios loalces provocar denegación de servicio (referencia NULL y OOPS) a través de ciertos códigos que realizan las respuestas ptrace PTRACE_SETREGS y PTRACE_SINGLESTEP, relacionado con la función TRACE_IRQS_ON, y posiblemente relacionado con la función arch_ptrace.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-12 CVE Reserved
2007-09-17 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-12-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-476: NULL Pointer Dereference

CAPEC

References (19)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=29eb51101c02df517ca64ec472d7501127ad1da8	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=a10d9a71bafd3a283da240d2868e71346d2aef6f	X_refsource_confirm
http://osvdb.org/37286	Vdb Entry
http://secunia.com/advisories/26935	Third Party Advisory
http://secunia.com/advisories/26955	Third Party Advisory
http://secunia.com/advisories/26978	Third Party Advisory
http://secunia.com/advisories/27322	Third Party Advisory
http://secunia.com/advisories/29159	Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094	X_refsource_confirm
http://www.securityfocus.com/archive/1/488972/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/25801	Vdb Entry
https://issues.rpath.com/browse/RPL-2304	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10394	Signature

URL	Date	SRC
http://bugzilla.kernel.org/show_bug.cgi?id=8765	2024-08-07

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=248324	2007-10-22

URL	Date	SRC
http://www.debian.org/security/2007/dsa-1378	2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0940.html	2023-02-13
http://www.ubuntu.com/usn/usn-518-1	2023-02-13
https://access.redhat.com/security/cve/CVE-2007-3731	2007-10-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.20 Search vendor "Linux" for product "Linux Kernel" and version "2.6.20"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.21 Search vendor "Linux" for product "Linux Kernel" and version "2.6.21"		-		Affected