CVE-2007-4573 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-4573
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4573

Description: The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-518-1 SUSE http://www.novell.com/linux/security/advisories/2007_53_kernel.html http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html ST 1018748 SAID Secunia Advisory: SA26994 Secunia Advisory: SA26995 Secunia Advisory: SA26978 Secunia Advisory: SA26917 Secunia Advisory: SA26955 Secunia Advisory: SA26953 Secunia Advisory: SA26934 Secunia Advisory: SA26919 Secunia Advisory: SA27212 Secunia Advisory: SA27227 Secunia Advisory: SA27912 Secunia Advisory: SA29058 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0936.html http://www.redhat.com/support/errata/RHSA-2007-0937.html http://www.redhat.com/support/errata/RHSA-2007-0938.html MLIST http://lkml.org/lkml/2007/9/21/513 http://lkml.org/lkml/2007/9/21/512 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:008 http://www.mandriva.com/security/advisories?name=MDVSA-2008:105 http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 http://www.mandriva.com/security/advisories?name=MDKSA-2007:195 FULLDISC http://marc.info/?l=full-disclosure&m=119062587407908&w=2 FEDORA http://fedoranews.org/updates/FEDORA-2007-229.shtml DEBIAN http://www.debian.org/security/2008/dsa-1504 http://www.debian.org/security/2007/dsa-1381 http://www.debian.org/security/2007/dsa-1378 CONFIRM http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/480705/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/480451/100/0/threaded BID 25774

Return to the previous page.