
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0705

The remote host is missing updates announced in
advisory RHSA-2007:0705.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the DRM driver for Intel graphics cards that allowed a local
user to access any part of the main memory. To access the DRM functionality
a user must have access to the X server which is granted through the
graphical login. This also only affected systems with an Intel 965 or later
graphic chipset. (CVE-2007-3851, Important)

* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a
local user to corrupt a kernel_dirent struct and cause a denial of service
(system crash). (CVE-2007-2878, Important)

* a flaw in the connection tracking support for SCTP that allowed a remote
user to cause a denial of service by dereferencing a NULL pointer.
(CVE-2007-2876, Important)

* a flaw in the CIFS filesystem which could cause the umask values of a
process to not be honored. This affected CIFS filesystems where the Unix
extensions are supported. (CVE-2007-3740, Important)

* a flaw in the stack expansion when using the hugetlb kernel on PowerPC
systems that allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate)

* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a
denial of service or potential remote access. Exploitation would require
the attacker to be able to send arbitrary frames over the ISDN network to
the victim's machine. (CVE-2007-1217, Moderate)

* a flaw in the cpuset support that allowed a local user to obtain
sensitive information from kernel memory. To exploit this the cpuset
filesystem would have to already be mounted. (CVE-2007-2875, Moderate)

* a flaw in the CIFS handling of the mount option sec= that didn't enable
integrity checking and didn't produce any error message. (CVE-2007-3843,

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2007-1217
BugTraq ID: 23333

Common Vulnerability Exposure (CVE) ID: CVE-2007-2875
BugTraq ID: 24389
Debian Security Information: DSA-1363
SuSE Security Announcement: SUSE-SA:2007:053
XForce ISS Database: kernel-cpusettasksread-info-disclosure(34779)

Common Vulnerability Exposure (CVE) ID: CVE-2007-2876
BugTraq ID: 24376
Debian Security Information: DSA-1356
RedHat Security Advisories: RHSA-2007:0488
SuSE Security Announcement: SUSE-SA:2007:043
SuSE Security Announcement: SUSE-SA:2007:051
XForce ISS Database: kernel-sctpnew-dos(34777)

Common Vulnerability Exposure (CVE) ID: CVE-2007-2878
BugTraq ID: 24134
Debian Security Information: DSA-1479
XForce ISS Database: kernel-vfatioctls-dos(34669)

Common Vulnerability Exposure (CVE) ID: CVE-2007-3739
Debian Security Information: DSA-1378
Debian Security Information: DSA-1504
XForce ISS Database: kernel-stack-expansion-dos(36592)

Common Vulnerability Exposure (CVE) ID: CVE-2007-3740
BugTraq ID: 25672
SuSE Security Announcement: SUSE-SA:2007:064
SuSE Security Announcement: SUSE-SA:2008:006
XForce ISS Database: kernel-cifs-filesystem-dos(36593)

Common Vulnerability Exposure (CVE) ID: CVE-2007-3843
BugTraq ID: 25244

Common Vulnerability Exposure (CVE) ID: CVE-2007-3851
BugTraq ID: 25263
Copyright: Copyright (c) 2007 E-Soft Inc.


© 1998-2021 E-Soft Inc. All rights reserved.