#VU95214 Memory corruption in Linux kernel - CVE-2007-6063
Vulnerability identifier: #VU95214
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2007-6063
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://bugzilla.kernel.org/show_bug.cgi?id=9416
https://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
https://rhn.redhat.com/errata/RHSA-2008-0055.html
https://secunia.com/advisories/27842
https://secunia.com/advisories/27912
https://secunia.com/advisories/28141
https://secunia.com/advisories/28706
https://secunia.com/advisories/28748
https://secunia.com/advisories/28806
https://secunia.com/advisories/28971
https://secunia.com/advisories/29058
https://secunia.com/advisories/29236
https://secunia.com/advisories/33201
https://secunia.com/advisories/33280
https://www.debian.org/security/2007/dsa-1436
https://www.debian.org/security/2008/dsa-1503
https://www.debian.org/security/2008/dsa-1504
https://www.mandriva.com/security/advisories?name=MDVSA-2008:008
https://www.mandriva.com/security/advisories?name=MDVSA-2008:112
https://www.redhat.com/support/errata/RHSA-2008-0154.html
https://www.redhat.com/support/errata/RHSA-2008-0787.html
https://www.redhat.com/support/errata/RHSA-2008-0973.html
https://www.securityfocus.com/bid/26605
https://www.ubuntu.com/usn/usn-574-1
https://www.ubuntu.com/usn/usn-578-1
https://www.vupen.com/english/advisories/2007/4046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9846
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
