CVE-2007-3105

Impact: Low
Public Date: 2007-06-21
Bugzilla: 248325: CVE-2007-3105 Bound check ordering issue in random driver

The MITRE CVE dictionary describes this issue as:

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.

Find out more about CVE-2007-3105 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.

Red Hat Security Errata

Platform                             Errata          Release Date
Red Hat Enterprise Linux 4 (kernel)  RHSA-2007:0939  2007-11-01
Red Hat Enterprise Linux 5 (kernel)  RHSA-2007:0940  2007-10-22

CVE description copyright © 2017, The MITRE Corporation