| Vulnerability Name: | CVE-2007-3731 (CCN-36681) | ||||||||||||||||||||||||||||||||
| Assigned: | 2007-07-15 | ||||||||||||||||||||||||||||||||
| Published: | 2007-07-15 | ||||||||||||||||||||||||||||||||
| Updated: | 2023-02-13 | ||||||||||||||||||||||||||||||||
| Summary: | The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C) 3.9 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:UR)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:UR)
| ||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-476 | ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||
| References: | Source: CCN Type: Kernel Bug Tracker Bug 8765 NULL pointer dereference triggered by ptrace Source: secalert@redhat.com Type: Exploit secalert@redhat.com Source: MITRE Type: CNA CVE-2007-3731 Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: RHSA-2007-0940 Important: kernel security update Source: CCN Type: SA26935 Linux Kernel ptrace Single Step "CS" Null Pointer Dereference Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: DEBIAN Type: DSA-1378 linux-2.6 -- several vulnerabilities Source: CCN Type: OSVDB ID: 37286 Linux Kernel Invalid LDT Segment Selector Local DoS Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-25801 Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: USN-518-1 Linux kernel vulnerabilities Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: XF Type: UNKNOWN kernel-ldt-segment-dos(36681) Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||