Info

Last Modified

over 2 years ago

Percent Complete

10%

Disclosure

Feb 19, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 10% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.

Classification

Attack Type: Denial of Service
Impact: Loss of Availability

Products

Unknown or Incomplete

References

CVE ID: 2007-0772 (see also: NVD)
Bugtraq ID: 22625
Secunia Advisory ID: 24201 24201 24215 24303 24400 24400 24482 24482 24547 24752 24777 25691
SCIP VulDB ID: 2949
ISS X-Force ID: 32578
VUPEN Advisory: ADV-2007-0660
Other Advisory URL: http://fedoranews.org/cms/node/2739
http://fedoranews.org/cms/node/2740
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:060
http://issues.rpath.com/browse/RPL-1063
http://lists.rpath.com/pipermail/security-announce/2007-June/000200.html
http://lists.suse.com/archive/suse-security-announce/2007-Feb/0005.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0004.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:060
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
http://www.novell.com/linux/security/advisories/2007_18_kernel.html
http://www.ubuntu.com/usn/usn-451-1
Vendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.1
https://issues.rpath.com/browse/RPL-1063

Tools & Filters

	24766 24767 24810 24824 24944 25048 25128 25587 27293 28048

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 7.8
Source: nvd.nist.gov | Generated: 2007-02-20 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.