{ "id": "CVE-2007-5501", "sourceIdentifier": "secalert@redhat.com", "published": "2007-11-15T20:46:00.000", "lastModified": "2025-04-09T00:30:58.490", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference." }, { "lang": "es", "value": "La funci\u00f3n tcp_sacktag_write_queue en el archivo net/ipv4/tcp_input.c en el kernel de Linux versiones 2.6.21 hasta 2.6.23.7 ??y versiones 2.6.24-rc hasta 2.6.24-rc2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de respuestas ACK dise\u00f1adas que desencadenan una desreferencia del puntero" } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "baseScore": 7.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-399" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "50B422D1-6C6E-4359-A169-3EED78A1CF40" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc1:*:*:*:*:*:*", "matchCriteriaId": "08A6E33E-5847-45DA-B9C9-79A7C5C877D6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "B1F60C33-3CEA-45F0-97FA-18C029270190" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:*:*:*:*:*:*", "matchCriteriaId": "247E13CB-9B11-4B64-80AD-C0F8482CCC0E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:*:*:*:*:*:*", "matchCriteriaId": "903FE5D3-A9FB-466D-833B-448233BB0803" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:*:*:*:*:*:*", "matchCriteriaId": "958EDC43-0848-4D93-9D07-6A085A5940B0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc6:*:*:*:*:*:*", "matchCriteriaId": "AD35F21D-0A28-4C14-BCF5-8EDA760701C0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc7:*:*:*:*:*:*", "matchCriteriaId": "3AAD8BE9-A05B-40E8-80DF-0B2878968BD6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "6AD2E9DC-2876-4515-BCE6-DDD0CC6A5708" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2F19064-CFBF-4B3C-A0A1-CE62265CD592" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:*", "matchCriteriaId": "AD3F0CEC-B8FA-47E3-BA3E-182F43D3DA86" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.4:*:*:*:*:*:*:*", "matchCriteriaId": "AB759752-DC19-4750-838B-056063EFDC5F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*", "matchCriteriaId": "96A43C95-8569-40BE-9E5B-F9B3D0B9D188" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*", "matchCriteriaId": "ABD70B2B-9827-4DBB-B82D-0B70C2D4AB1F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*", "matchCriteriaId": "99662904-E5E3-4E81-B199-39707EAEB652" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc1:*:*:*:*:*:*", "matchCriteriaId": "2AAA75FD-FBF0-4D0D-9485-9CC19559DD66" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc2:*:*:*:*:*:*", "matchCriteriaId": "053D359F-F2DA-47DB-9DD1-B49811DFF620" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc3:*:*:*:*:*:*", "matchCriteriaId": "39CBD1BA-B8A9-404D-9E94-5E643EE313CA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc4:*:*:*:*:*:*", "matchCriteriaId": "6465E61D-0238-4ED3-B4CB-E3B93F4F324F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc5:*:*:*:*:*:*", "matchCriteriaId": "830B8340-2B8F-4F0A-8943-F4413411573C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*", "matchCriteriaId": "D123AAFE-3F17-45C4-9382-BA392FD022C4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc7:*:*:*:*:*:*", "matchCriteriaId": "E0C256E6-2691-4478-A51C-DE580A717AB9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE8A26D6-1BDA-45F0-8F7C-F95986050E32" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "61A3EDF2-09D7-4116-AE46-D86E4B9602AC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*", "matchCriteriaId": "F320FA9F-C13D-4AA3-B838-A0E5D63E6A29" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*", "matchCriteriaId": "B179CF1D-084D-4B21-956F-E55AC6BDE026" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F1B4877-286A-44B5-9C5C-0403F75B2BAA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*", "matchCriteriaId": "432CA976-6EFA-4D34-B5EA-CD772D067F93" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*", "matchCriteriaId": "6E476195-657E-416E-BC16-44A18B06A133" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*", "matchCriteriaId": "12A55028-B8F9-4AD2-AE57-A80D561F3C79" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*", "matchCriteriaId": "0C4E641C-67D4-4599-8EFB-0B2F8D81D68C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*", "matchCriteriaId": "70460F6C-D6C0-4C1A-B13E-368705EAF223" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*", "matchCriteriaId": "3F26BA18-08AD-45FE-9F83-25CCB2E27270" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*", "matchCriteriaId": "6EBFF148-3EDA-4216-910B-8930D8C443C2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*", "matchCriteriaId": "648C63F7-EA1D-4F2E-B8AF-1F380C83E542" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*", "matchCriteriaId": "1697B855-4834-4633-A5C8-C1F7F13ACE0D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*", "matchCriteriaId": "1FBAE75F-9145-4B9A-A6D8-E488C5326145" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*", "matchCriteriaId": "DFF566DA-0F04-48DA-AA40-565979C55328" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*", "matchCriteriaId": "5990C6C2-2F66-4C4D-8224-74163865F410" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*", "matchCriteriaId": "3A45A9B9-4B19-4A5B-BC95-BCBC4EF00F12" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*", "matchCriteriaId": "C23AD176-3B99-4593-BCBD-13C1E579A13E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*", "matchCriteriaId": "034DFD7F-8919-4245-8480-7B272F591271" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*", "matchCriteriaId": "4CEBC606-6488-48CE-8AA8-5B8CC724D5D0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.22:*:*:*:*:*:*:*", "matchCriteriaId": "A83C60AF-50A9-480E-860D-45E80AC0A6B7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*", "matchCriteriaId": "0E249774-CE05-43D5-A5A3-7CCE24BB2AD9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*", "matchCriteriaId": "8D42BA44-C69B-4170-9867-CABF93CA9BD6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc3:*:*:*:*:*:*", "matchCriteriaId": "B6BCD075-9FCE-496C-9807-3A13998129B1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc4:*:*:*:*:*:*", "matchCriteriaId": "460BC48C-1598-4739-A64B-A2350BC6BD28" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc5:*:*:*:*:*:*", "matchCriteriaId": "7700AB42-8543-4FA5-9BAF-EF2F126E9375" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc6:*:*:*:*:*:*", "matchCriteriaId": "B8C31F2D-385F-46CF-8F04-61157EE35013" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc7:*:*:*:*:*:*", "matchCriteriaId": "3588EB36-674F-49FB-A51C-0B52F8BFD9D4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc8:*:*:*:*:*:*", "matchCriteriaId": "3C93A9E4-08DA-44D2-B6D9-76BD287FA5DC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc9:*:*:*:*:*:*", "matchCriteriaId": "C5575728-D466-4CC9-95BA-8CA433D19566" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "5140380C-71BD-464F-AE53-1814C2653056" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "B18EC0A7-8616-4039-B98B-E1216E035B05" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "22FB141B-FA2A-435D-8937-83FC0669CB20" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*", "matchCriteriaId": "C59131C8-F66A-4380-9F6E-3FC14C7C8562" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5421616-4BF5-4269-8996-C3D2BA6AE2A1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*", "matchCriteriaId": "23FC6CE2-8717-4558-A309-A441D322F00E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*", "matchCriteriaId": "311BE336-7BB2-47C0-AED5-3DEA706C206F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc1:*:*:*:*:*:*", "matchCriteriaId": "085259B8-9D41-42B0-B32B-66B8D365F106" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*", "matchCriteriaId": "9A12DE15-E192-4B90-ADB7-A886B3746DD7" } ] } ] } ], "references": [ { "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=96a2d41a3e495734b63bff4e5dd0112741b93b38", "source": "secalert@redhat.com" }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html", "source": "secalert@redhat.com" }, { "url": "http://lwn.net/Articles/258947/", "source": "secalert@redhat.com" }, { "url": "http://secunia.com/advisories/27664", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27703", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27888", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27919", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27922", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/28170", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/28706", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/29245", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc3", "source": "secalert@redhat.com" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:044", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.novell.com/linux/security/advisories/2007_63_kernel.html", "source": "secalert@redhat.com" }, { "url": "http://www.securityfocus.com/bid/26474", "source": "secalert@redhat.com", "tags": [ "Patch" ] }, { "url": "http://www.ubuntu.com/usn/usn-558-1", "source": "secalert@redhat.com" }, { "url": "http://www.ubuntu.com/usn/usn-574-1", "source": "secalert@redhat.com" }, { "url": "http://www.vupen.com/english/advisories/2007/3902", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38548", "source": "secalert@redhat.com" }, { "url": "https://issues.rpath.com/browse/RPL-1965", "source": "secalert@redhat.com" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00032.html", "source": "secalert@redhat.com" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00170.html", "source": "secalert@redhat.com" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00302.html", "source": "secalert@redhat.com" }, { "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=96a2d41a3e495734b63bff4e5dd0112741b93b38", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lwn.net/Articles/258947/", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/27664", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27703", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27888", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27919", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27922", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/28170", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/28706", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/29245", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc3", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:044", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.novell.com/linux/security/advisories/2007_63_kernel.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/26474", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "http://www.ubuntu.com/usn/usn-558-1", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.ubuntu.com/usn/usn-574-1", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.vupen.com/english/advisories/2007/3902", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38548", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://issues.rpath.com/browse/RPL-1965", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00032.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00170.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00302.html", "source": "af854a3a-2127-422b-91ae-364da2661108" } ], "vendorComments": [ { "organization": "Red Hat", "comment": "Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-11-20T00:00:00" } ] }