CVE-2007-3105 in Kernelinfo

Summary

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.

Once again VulDB remains the best source for vulnerability data.

Reservation

06/07/2007

Disclosure

07/27/2007

Moderation

VulDB entry created

Entries

VDB-38037 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

5.9

EPSS

0.00156

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-3105
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3105
CVE Details	https://www.cvedetails.com/cve/CVE-2007-3105/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!