Vulnerability Name:

CVE-2007-0001 (CCN-32773)

Assigned:2006-12-19
Published:2007-02-20
Updated:2017-10-11
Summary:The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.
CVSS v3 Severity:6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C)
3.5 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Red Hat Bugzilla Bug 223129
Bugzilla Bug 223129: CVE-2007-0001 kernel panic watching /etc/passwd

Source: MISC
Type: Patch
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129

Source: MITRE
Type: CNA
CVE-2007-0001

Source: OSVDB
Type: UNKNOWN
33031

Source: CCN
Type: RHSA-2007-0085
Important: kernel security update

Source: SECUNIA
Type: Vendor Advisory
24300

Source: CCN
Type: SECTRACK ID: 1017705
Red Hat Linux Kernel Filesystem Auditing Bug Lets Local Users Deny Service

Source: CCN
Type: ASA-2007-115
kernel security update (RHSA-2007-0085)

Source: CCN
Type: OSVDB ID: 33031
Red Hat Enterprise Linux Kernel auditctl -w Local DoS

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2007:0085

Source: BID
Type: UNKNOWN
22737

Source: CCN
Type: BID-22737
Linux Kernel Audit Subsystems Local Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017705

Source: XF
Type: UNKNOWN
kernel-audit-dos(32773)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9560

Vulnerable Configuration:Configuration 1:
  • cpe:/o:redhat:enterprise_linux:4.0:*:linux_kernel_2.6.9:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:9560
    V
    		The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.
    2013-04-29
    oval:com.redhat.rhsa:def:20070085
    P
    		RHSA-2007:0085: kernel security update (Important)
    2007-02-27
    BACK
    redhat enterprise linux 4.0
    linux linux kernel 2.6.9
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4