Vulnerability Name:

CVE-2007-2875 (CCN-34779)

Assigned:2007-06-07
Published:2007-06-07
Updated:2018-10-19
Summary:Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-189
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2007-2875

Source: CONFIRM
Type: Vendor Advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13

Source: CONFIRM
Type: Vendor Advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4

Source: IDEFENSE
Type: Broken Link
20070607 Linux Kernel cpuset tasks Information Disclosure Vulnerability

Source: OSVDB
Type: Broken Link
37113

Source: CCN
Type: RHSA-2007-0705
Important: kernel security update

Source: CCN
Type: SA25594
Linux Kernel Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
26133

Source: SECUNIA
Type: Third Party Advisory
26139

Source: SECUNIA
Type: Third Party Advisory
26620

Source: SECUNIA
Type: Third Party Advisory
26647

Source: SECUNIA
Type: Third Party Advisory
26760

Source: SECUNIA
Type: Third Party Advisory
27227

Source: CCN
Type: SECTRACK ID: 1018211
Linux Kernel cpuset_tasks_read() Memory Disclosure Lets Local Users View Portions of Kernel Memory

Source: DEBIAN
Type: Third Party Advisory
DSA-1363

Source: DEBIAN
Type: DSA-1363
linux-2.6 -- several vulnerabilities

Source: CCN
Type: The Linux Kernel Archives
ChangeLog-2.6.21.4

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2007:171

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2007:196

Source: SUSE
Type: Third Party Advisory
SUSE-SA:2007:053

Source: CCN
Type: OSVDB ID: 37113
Linux Kernel cpuset_tasks_read Function Local Underflow

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0705

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
24389

Source: CCN
Type: BID-24389
Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1018211

Source: CCN
Type: USN-486-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-486-1

Source: CCN
Type: USN-489-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-489-1

Source: CCN
Type: USN-510-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-510-1

Source: VUPEN
Type: Third Party Advisory
ADV-2007-2105

Source: XF
Type: Third Party Advisory, VDB Entry
kernel-cpusettasksread-info-disclosure(34779)

Source: XF
Type: UNKNOWN
kernel-cpusettasksread-info-disclosure(34779)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 06.07.07
Linux Kernel cpuset tasks Information Disclosure Vulnerability

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:9251

Source: SUSE
Type: SUSE-SA:2007:053
Linux kernel privilege escalation

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 2.6.20.13)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 2.6.21 and < 2.6.21.4)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.21:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20072875
    V
    		CVE-2007-2875
    2015-11-16
    oval:org.mitre.oval:def:17541
    P
    		USN-510-1 -- linux-source-2.6.20 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20520
    P
    		DSA-1363-1 linux-2.6
    2014-06-23
    oval:org.mitre.oval:def:22545
    P
    		ELSA-2007:0705: kernel security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:9251
    V
    		Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
    2013-04-29
    oval:com.redhat.rhsa:def:20070705
    P
    		RHSA-2007:0705: kernel security update (Important)
    2007-09-13
    oval:org.debian:def:1363
    V
    		several vulnerabilities
    2007-08-31
    BACK
    linux linux kernel *
    linux linux kernel *
    debian debian linux 3.1
    canonical ubuntu linux 6.06
    canonical ubuntu linux 6.10
    canonical ubuntu linux 7.04
    linux linux kernel 2.6.21
    linux linux kernel 2.6.20
    linux linux kernel 2.6.20.1
    linux linux kernel 2.6.20.10
    linux linux kernel 2.6.20.11
    linux linux kernel 2.6.20.12
    linux linux kernel 2.6.20.13
    linux linux kernel 2.6.20.14
    linux linux kernel 2.6.20.2
    linux linux kernel 2.6.20.3
    linux linux kernel 2.6.20.4
    linux linux kernel 2.6.20.5
    linux linux kernel 2.6.20.8
    linux linux kernel 2.6.20.9
    linux linux kernel 2.6.21.1
    linux linux kernel 2.6.21.2
    linux linux kernel 2.6.21.3
    linux linux kernel 2.6.20.6
    linux linux kernel 2.6.20.7
    suse suse linux *
    novell linux desktop 9
    novell open enterprise server *
    canonical ubuntu 6.06
    suse linux enterprise server 9
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3