|Main Archive Page > Month Archives > full-disclosure-uk archives|
rPath Security Advisory: 2007-0084-1
Products: rPath Linux 1
Exposure Level Classification:
Remote Deterministic Denial of Service Updated Versions:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242 https://issues.rpath.com/browse/RPL-1309 https://issues.rpath.com/browse/RPL-1310
Previous versions of the kernel package are vulnerable to one local user Denial of Service attack in which local users can trigger a kernel stack overflow using the netlink layer, and to one remote Denial of Service attack in which if IPv6 routing has been configured, a remote user can cause the system to use all available network bandwidth by sending a specially-crafted IPv6 packet.
In addition, several issues have been resolved that caused some systems to have difficulty booting: attempting to initialize the Intel random number generator caused some recent systems to hang during boot, and NUMA capability was also causing some systems to hang during boot and so has been disabled on x86, where it is generally not needed.
A system reboot is required to resolve these issues.