>> Linux Kernel Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
Title : Linux Kernel Multiple Remote Denial of Service and Information Disclosure Vulnerabilities VUPEN ID : VUPEN/ADV-2007-2105 CVE ID : CVE-2007-2453 - CVE-2007-2875 - CVE-2007-2876
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-06-07
Technical Description
Multiple vulnerabilities have been identified in Linux Kernel, which could be exploited by remote attackers to bypass security checks, cause a denial of service or disclose sensitive information.
The first issue is caused by an error in the "sctp_new()" [net/netfilter/nf_conntrack_proto_sctp.c] function when creating a new connection with an unknown chunk type, which could be exploited by remote attackers to cause a NULL pointer dereference, creating a denial of service condition.
The second vulnerability is caused by an underflow error in the "cpuset_tasks_read()" [kernel/cpuset.c] function, which could be exploited by attackers to read kernel memory.
The third issue is caused by errors in the "extract_buf()" and "random_ioctl()" [drivers/char/random.c] functions when generating random numbers, which could potentially be exploited to bypass security restrictions.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
