CVE-2007-0001
Published 2007-03-02
CVE-2007-0001: The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial…
Priority: P412 · medium · 4.7 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 0.59% (43.6th percentile)
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | enterprise_linux | — | — |
CVSS provenance
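| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.7 | MEDIUM | AV:L/AC:M/Au:N/C:N/I:N/A:C |
| vendor_redhat | — | 4.7 | MEDIUM | — |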
GHSA
GHSA-v6fh-mg2v-xv8g · ghsa_unreviewed · 2022-05-01 · CVE-2007-0001 [MEDIUM]
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.
VMware
VMSA-2008-0001: Updated service console patches.
vendor_vmware · 2008-01-07 · CVSS 1.2 · CVE-2007-3108 [LOW]
CVEs: CVE-2007-3108, CVE-2007-4572, CVE-2007-5116, CVE-2007-5135, CVE-2007-5191, CVE-2007-5360, CVE-2007-5398
Red Hat
CVE-2007-0001 [MEDIUM] security flaw
vendor_redhat · 2007-02-20 · CVSS 4.7
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.
No detection rules found.
Bugzilla
CVE-2007-0001 [MEDIUM] CVE-2007-0001 security flaw
bugzilla · 2018-08-16 · CVSS 4.7
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.
Bugzilla
CVE-2007-0001 [MEDIUM] CVE-2007-0001 kernel panic watching /etc/passwd
bugzilla · 2007-01-17 · CVSS 4.7
Description of problem:
```
Jan 17 11:13:11 lxwstest sshd(pam_unix)[3998]: session opened for user clarkp by (uid=0)
Jan 17 11:14:43 lxwstest kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000004
Jan 17 11:14:43 lxwstest kernel: printing eip:
Jan 17 11:14:43 lxwstest kernel: c013e454
Jan 17 11:14:43 lxwstest kernel: *pde = 1e164001
Jan 17 11:14:43 lxwstest kernel: Oops: 0000 [#1]
Jan 17 11:14:43 lxwstest kernel: SMP
Jan 17 11:14:43 lxwstest kernel: Modules linked in: parport_pc lp parport autofs4 i2c_dev i2c_core sunrpc ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables dm_mod button battery ac md5 ipv6 uhci_hcd snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_mpu40
```
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129
- http://osvdb.org/33031
- http://secunia.com/advisories/24300
- http://www.redhat.com/support/errata/RHSA-2007-0085.html
- http://www.securityfocus.com/bid/22737
- http://www.securitytracker.com/id?1017705
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9560