Patch of vulnerability CVE:2007-5001
Hi all
I am working on the linux kernel-2.4.17-rt3.1 version, which is vulnerable to local unprivileged users with reference to CVE:2007-5001.
* a flaw was found when performing asynchronous input or output operations
on a FIFO special file. A local unprivileged user could use this flaw to
cause a kernel panic. (CVE-2007-5001, Important)
* Bugzilla Bug 326251: CVE-2007-5001 kernel asynchronous IO on a FIFO kernel panic.
Using asynchronous IO on a FIFO causes RHEL 3U9 to kernel panic.
(Does not occur in RHEL 4 as the pipe_write function has been re-written)
This is a security issue because a local unprivileged user can cause a kernel panic.
The solution for this is available in the following rpm:
kernel-2.4.21-57.EL.i686.rpm aecf0b0d5644fcad52e625f1be32dd12
But this rpm gives a mixed solution for other CVEs as well; it does not give a separate patch for CVE:2007-5001. We have searched almost all sites, but didn't find it.
Does anybody know where we can find a separate patch for this vulnerability (CVE:2007-5001)? Please do reply.
Thanks & Regards
Naresh.....