PT-2004-3660 · Linux+3 · Linux Kernel+3
Published
1970-01-01
·
Updated
2017-09-29
·
CVE-2007-6151
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Debian GNU/Linux versions prior to 2.6.23
Red Hat Enterprise Linux versions prior to 2.4.9
SUSE Linux Enterprise versions prior to 2.4.9
linux-image-2.6-686 versions prior to 2.6.23
linux-image-2.6-amd64 versions prior to 2.6.23
linux-image-2.6-xen-686 versions prior to 2.6.23
linux-image-2.6-vserver-686 versions prior to 2.6.23
linux-image-2.6-itanium versions prior to 2.6.23
linux-image-2.6-mckinley versions prior to 2.6.23
linux-image-2.6-em64t-p4-smp versions prior to 2.6.23
linux-image-2.6-parisc64 versions prior to 2.6.23
linux-image-2.6-s390x versions prior to 2.6.23
linux-image-2.6-sparc64 versions prior to 2.6.23
linux-image-2.6-powerpc versions prior to 2.6.23
linux-image-2.6-powerpc64 versions prior to 2.6.23
linux-image-2.6-alpha versions prior to 2.6.23
linux-image-2.6-alpha-smp versions prior to 2.6.23
linux-image-2.6-parisc versions prior to 2.6.23
linux-image-2.6-parisc-smp versions prior to 2.6.23
linux-image-2.6-parisc64-smp versions prior to 2.6.23
linux-image-2.6-s390 versions prior to 2.6.23
linux-image-2.6-s390-tape versions prior to 2.6.23
linux-image-2.6-sparc32 versions prior to 2.6.23
linux-image-2.6-sparc64-smp versions prior to 2.6.23
linux-image-2.6-r3k-kn02 versions prior to 2.6.23
linux-image-2.6-r4k-kn04 versions prior to 2.6.23
linux-image-2.6-r5k-cobalt versions prior to 2.6.23
linux-image-2.6-r5k-ip32 versions prior to 2.6.23
linux-image-2.6-sb1a-bcm91250a versions prior to 2.6.23
linux-image-2.6-sb1-bcm91250a versions prior to 2.6.23
linux-image-2.6-ixp4xx versions prior to 2.6.23
linux-image-2.6-iop32x versions prior to 2.6.23
linux-image-2.6-footbridge versions prior to 2.6.23
linux-image-2.6-mckinley-smp versions prior to 2.6.23
linux-image-2.6-itanium-smp versions prior to 2.6.23
linux-image-2.6-k7 versions prior to 2.6.23
linux-image-2.6-k7-smp versions prior to 2.6.23
linux-image-2.6-amd64-k8 versions prior to 2.6.23
linux-image-2.6-amd64-k8-smp versions prior to 2.6.23
linux-image-2.6-em64t-p4 versions prior to 2.6.23
linux-image-2.6-em64t-p4-smp versions prior to 2.6.23
linux-image-2.6-686-bigmem versions prior to 2.6.23
linux-image-2.6-686-smp versions prior to 2.6.23
linux-image-2.6-xen-amd64 versions prior to 2.6.23
linux-image-2.6-xen-vserver-amd64 versions prior to 2.6.23
linux-image-2.6-vserver-amd64 versions prior to 2.6.23
linux-image-2.6-vserver-amd64-k8 versions prior to 2.6.23
linux-image-2.6-vserver-amd64-k8-smp versions prior to 2.6.23
linux-image-2.6-vserver-686 versions prior to 2.6.23
linux-image-2.6-vserver-686-bigmem versions prior to 2.6.23
linux-image-2.6-vserver-k7 versions prior to 2.6.23
linux-image-2.6-vserver-powerpc versions prior to 2.6.23
linux-image-2.6-vserver-powerpc64 versions prior to 2.6.23
linux-image-2.6-vserver-s390x versions prior to 2.6.23
linux-image-2.6-vserver-sparc64 versions prior to 2.6.23
linux-image-2.6-alpha-legacy versions prior to 2.6.23
linux-image-2.6-alpha-smp versions prior to 2.6.23
linux-image-2.6-parisc versions prior to 2.6.23
linux-image-2.6-parisc-smp versions prior to 2.6.23
linux-image-2.6-parisc64 versions prior to 2.6.23
linux-image-2.6-parisc64-smp versions prior to 2.6.23
linux-image-2.6-powerpc versions prior to 2.6.23
linux-image-2.6-powerpc-miboot versions prior to 2.6.23
linux-image-2.6-powerpc-smp versions prior to 2.6.23
linux-image-2.6-powerpc64 versions prior to 2.6.23
linux-image-2.6-s390 versions prior to 2.6.23
linux-image-2.6-s390-tape versions prior to 2.6.23
linux-image-2.6-s390x versions prior to 2.6.23
linux-image-2.6-sparc32 versions prior to 2.6.23
linux-image-2.6-sparc64 versions prior to 2.6.23
linux-image-2.6-sparc64-smp versions prior to 2.6.23
Description
The vulnerability is caused by a buffer overflow in the
isdn ioctl function in isdn common.c of the Linux kernel. This can be exploited by a local attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability can be exploited by sending a crafted ioctl struct to the isdn ioctl function, which can cause a buffer overflow and potentially allow an attacker to execute arbitrary code.The estimated number of potentially affected devices worldwide is not available.
There have been reports of real-world incidents where this issue was exploited, but the details are not publicly available.
Technical details about exploitation include:
- API Endpoints: The vulnerability can be exploited through the
isdn ioctlfunction. - Vulnerable Parameters or Variables: The
ioctsparameter in theisdn ioctlfunction is vulnerable to a buffer overflow. - Function Names: The
isdn ioctlfunction is vulnerable to a buffer overflow.
Recommendations
- For Debian GNU/Linux versions prior to 2.6.23, update to a newer version of the Linux kernel.
- For Red Hat Enterprise Linux versions prior to 2.4.9, update to a newer version of the Linux kernel.
- For SUSE Linux Enterprise versions prior to 2.4.9, update to a newer version of the Linux kernel.
- For all other affected versions, update to a newer version of the Linux kernel or apply the necessary patches to fix the vulnerability.
- As a temporary workaround, consider disabling the
isdn ioctlfunction until a patch is available. - Restrict access to the vulnerable
isdn ioctlfunction to minimize the risk of exploitation. - Avoid using the
ioctsparameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Linux Kernel
Red Hat
Suse Linux Enterprise