#VU95749 Configuration in Linux kernel - CVE-2007-3380

Cybersecurity Help s.r.o.

Published: 2007-07-21 | Updated: 2017-10-11

Vulnerability identifier: #VU95749

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2007-3380

CWE-ID: CWE-16

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://osvdb.org/37109
https://secunia.com/advisories/26139
https://secunia.com/advisories/27322
https://www.redhat.com/support/errata/RHSA-2007-0940.html
https://www.securityfocus.com/bid/24968
https://www.ubuntu.com/usn/usn-489-1
https://www.ubuntu.com/usn/usn-489-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/35516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9337

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Configuration in Linux kernel