Detections
Analytics
Fedora 8 : kernel-2.6.23.8-63.fc8 (2007-3837)
high Nessus Plugin ID 29193
Synopsis
The remote Fedora host is missing a security update.Description
Update to kernel 2.6.23.9-rc1:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.4 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.5 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.6 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.9
CVE-2007-5501: The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.24-rc2 and earlier allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
CVE-2007-5500: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.
Additional fixes: Fix oops in selinux bitmap code (#394501) Fix oops in netfilter NAT module Major wireless driver updates. libata: fix resume for some devices libata: possible fix for bug #379971 libata:
fix broken sata_sis driver (#365331) Automatically load the Dell dcdbas driver (#248257) Initial FireWire OHCI 1.0 Isochronous Receive support (#344851) Touchpad support for Dell Vostro 1400 and Thinkpad R61 (#375471)
-63: Fix b43 Revision D error messages. Restore ability to add/remove virtual i/fs to mac80211 devices
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?282604f1
http://www.nessus.org/u?5b24e754
http://www.nessus.org/u?6f4e90bf
http://www.nessus.org/u?8b5739f4
http://www.nessus.org/u?dfaed5ff
http://www.nessus.org/u?bda3e1fe
http://www.nessus.org/u?00091f6b
Plugin Details
Severity: High
ID: 29193
File Name: fedora_2007-3837.nasl
Version: 1.18
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 12/4/2007
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:kernel-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-pae-devel, p-cpe:/a:fedoraproject:fedora:kernel-debug, p-cpe:/a:fedoraproject:fedora:kernel-debug-devel, p-cpe:/a:fedoraproject:fedora:kernel-devel, p-cpe:/a:fedoraproject:fedora:kernel-doc, p-cpe:/a:fedoraproject:fedora:kernel, cpe:/o:fedoraproject:fedora:8, p-cpe:/a:fedoraproject:fedora:kernel-debug-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-pae-debug, p-cpe:/a:fedoraproject:fedora:kernel-pae-debug-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-headers, p-cpe:/a:fedoraproject:fedora:kernel-debuginfo-common, p-cpe:/a:fedoraproject:fedora:kernel-pae, p-cpe:/a:fedoraproject:fedora:kernel-pae-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-pae-debug-devel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/3/2007
Reference Information
CVE: CVE-2007-5500, CVE-2007-5501