Redhat Enterprise Linux vulnerabilities

CVE-2007-5365 [HIGH] CWE-119 CVE-2007-5365: Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 throug Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

CVE-2007-0004 [LOW] CWE-264 CVE-2007-0004: The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the ser

CVE-2007-1865 [LOW] CWE-189 CVE-2007-1865: The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allo The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when copying header info to the user's buffer.

CVE-2007-3379 [LOW] CVE-2007-3379: Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.

CVE-2007-3739 [MEDIUM] CWE-119 CVE-2007-3739: mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.

CVE-2007-3849 [LOW] CWE-264 CVE-2007-3849: Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AI Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.

CVE-2007-3103 [MEDIUM] CWE-59 CVE-2007-3103: The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

CVE-2007-0773 [MEDIUM] CVE-2007-0773: The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.

CVE-2007-3099 [LOW] CVE-2007-3099: usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UI usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).

CVE-2007-0771 [MEDIUM] CVE-2007-0771: The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.

CVE-2007-2030 [MEDIUM] CVE-2007-2030: lharc.c in lha does not securely create temporary files, which might allow local users to read or wr lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

CVE-2007-1351 [HIGH] CWE-189 CVE-2007-1351: Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 2007040 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVE-2007-1352 [LOW] CVE-2007-1352: Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote a Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

CVE-2007-1716 [LOW] CVE-2007-1716: pam_console does not properly restore ownership for certain console devices when there are multiple pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.

CVE-2007-0001 [MEDIUM] CVE-2007-0001: The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux ( The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

CVE-2007-1007 [CRITICAL] CVE-2007-1007: Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a den Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.

CVE-2006-5753 [HIGH] CVE-2006-5753: Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is presen Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.

CVE-2006-6235 [CRITICAL] CVE-2006-6235: A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 throu A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

CVE-2006-4342 [MEDIUM] CWE-667 CVE-2006-4342: The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.

CVE-2006-5170 [HIGH] CWE-755 CVE-2006-5170: pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other di pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally repo