CVE-2007-4573

Impact:
Important
Public Date:
2007-09-21
Bugzilla:
294541: CVE-2007-4573 x86_64 syscall vulnerability

The MITRE CVE dictionary describes this issue as:

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

Find out more about CVE-2007-4573 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affected users who were running 64-bit versions of Red Hat Enterprise Linux 3, 4, or 5 on x86_64 architecture. It did not affect users of Red Hat Enterprise Linux 2.1.

Updates are available for Red Hat Enterprise Linux 3, 4, and 5 to correct this issue. New kernel packages along with our advisory are available at the URL below as well as via the Red Hat Network. http://rhn.redhat.com/errata/CVE-2007-4573.html

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (kernel) RHSA-2007:0938 2007-09-27
Red Hat Enterprise Linux 4 (kernel) RHSA-2007:0937 2007-09-27
Red Hat Enterprise Linux 5 (kernel) RHSA-2007:0936 2007-09-27

Acknowledgements

Red Hat would like to thank Wojciech Purczynski for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.