PT-2007-3212 · Red Hat · Red Hat

Published: 2007-09-18 · Updated: 2024-08-07 · CVE-2007-1865

CVSS v2.0: 1.9 (Low)
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux (RHEL) Beta version 5.1.0
Description: The issue allows local users to potentially obtain sensitive information, specifically kernel memory contents, through the ipv6_getsockopt_sticky function in the kernel by passing a negative value for the len parameter. The validity of this issue has been disputed, with a comment suggesting that the len parameter is ignored when copying header information to the user's buffer.
Recommendations: For Red Hat Enterprise Linux (RHEL) Beta version 5.1.0, consider restricting access to the ipv6_getsockopt_sticky function as a temporary mitigation measure until further clarification or a patch is available. Additionally, be cautious when handling the len parameter to prevent potential information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2007-1865
Affected Products: Red Hat