Home Corporate Website Jobs Updated Mailing Lists RSS Blog  Online Shop Advertise
	Software Inspectors   Scan Online   Personal (PSI)   Network (NSI 2.0) Solutions For   Security Professionals   Security Vendors Free Solutions For   Open Communities   Journalists & Media Secunia Advisories   Search   Historic Advisories   Listed By Product   Listed By Vendor   Statistics / Graphs   Secunia Research   Report Vulnerability   About Advisories Virus Information   Chronological List   Last 10 Virus Alerts   About Virus Information Secunia Customers   Customer Area CVE Reference: CVE-2007-3105 NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. Original Page at CVE MITRE: CVE-2007-3105 Description: Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. CVE Status: Candidate References: UBUNTU   http://www.ubuntu.com/usn/usn-510-1   http://www.ubuntu.com/usn/usn-508-1   http://www.ubuntu.com/usn/usn-509-1 SUSE   http://www.novell.com/linux/security/advisories/2007_53_kernel.html   http://www.novell.com/linux/security/advisories/2007_51_kernel.html SAID   Secunia Advisory: SA26664   Secunia Advisory: SA27436   Secunia Advisory: SA27322   Secunia Advisory: SA26651   Secunia Advisory: SA26643   Secunia Advisory: SA26500   Secunia Advisory: SA26647   Secunia Advisory: SA27212   Secunia Advisory: SA27227   Secunia Advisory: SA27747   Secunia Advisory: SA29058 REDHAT   http://www.redhat.com/support/errata/RHSA-2007-0940.html   http://www.redhat.com/support/errata/RHSA-2007-0939.html MANDRIVA   http://www.mandriva.com/security/advisories?name=MDKSA-2007:216   http://www.mandriva.com/security/advisories?name=MDKSA-2007:195   http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 DEBIAN   http://www.debian.org/security/2007/dsa-1363   http://www.debian.org/security/2008/dsa-1504 CONFIRM   http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm   http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log BID   25348 Return to the previous page. Secunia PSI Scan | Patch | Track Free Download Secunia Poll Do you think it's important to read Setup/User Guides for applications for use within your network? Yes, I do it all the time Yes, but I do it rarely No See Results    Most Popular Advisories 1. Mozilla Firefox Multiple Vulnerabilities 2. Opera for Windows Unspecified Code Execution 3. Mozilla Thunderbird Multiple Vulnerabilities 4. VLC Media Player WAV Processing Integer Overflow 5. zlib Denial of Service Vulnerability 6. Opera Canvas Functions Information Disclosure 7. UnixWare ReliantHA Privilege Escalation Vulnerabilities 8. Fedora update for glib2 9. PCRE pcre_compile.c Buffer Overflow Vulnerability 10. GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability
Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia