Linux Kernel up to 2.6.16.8 nf_conntrack_h323_asn1.c decode_choice numeric error
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.7 | $0-$5k | 0.00 |
A vulnerability was found in Linux Kernel up to 2.6.16.8 (Operating System) and classified as critical. This issue affects the function decode_choice
of the file net/netfilter/nf_conntrack_h323_asn1.c. The manipulation with an unknown input leads to a numeric error vulnerability. Using CWE to declare the problem leads to CWE-189. Impacted is availability. The summary by CVE is:
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.
The weakness was published 07/08/2007 (Website). It is possible to read the advisory at secunia.com. The identification of this vulnerability is CVE-2007-3642 since 07/09/2007. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 27691 (Fedora 7 : kernel-2.6.22.1-27.fc7 (2007-1130)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks.
Upgrading to version 2.6.16.9 eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (35857) and Tenable (27691). Similar entries are available at 3167, 3168 and 24081.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.7
VulDB Base Score: 7.5
VulDB Temp Score: 6.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Numeric errorCWE: CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 27691
Nessus Name: Fedora 7 : kernel-2.6.22.1-27.fc7 (2007-1130)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 58528
OpenVAS Name: Debian Security Advisory DSA 1356-1 (linux-2.6)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 2.6.16.9
Timeline
07/08/2007 🔍07/09/2007 🔍
07/09/2007 🔍
07/09/2007 🔍
07/09/2007 🔍
07/09/2007 🔍
07/09/2007 🔍
08/20/2007 🔍
11/06/2007 🔍
03/15/2015 🔍
07/20/2021 🔍
Sources
Vendor: kernel.orgAdvisory: secunia.com⛔
Status: Not defined
Confirmation: 🔍
CVE: CVE-2007-3642 (🔍)
OVAL: 🔍
X-Force: 35857
Vulnerability Center: 15888 - Linux Kernel before 2.6.22 Vulnerability Allows Remote Attacker to Cause DoS, Medium
SecurityFocus: 24818 - Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
Secunia: 25955 - Linux Kernel Security Bypass and Multiple Denial of Service Vulnerabilities, Moderately Critical
OSVDB: 37117 - Linux Kernel net/netfilter/nf_conntrack_h323_asn1.c decode_choice Function Remote DoS
Vupen: ADV-2007-2466
See also: 🔍
Entry
Created: 03/15/2015 15:58Updated: 07/20/2021 19:24
Changes: 03/15/2015 15:58 (68), 08/19/2017 09:51 (14), 07/20/2021 19:24 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.