CVE-2007-0001

Red Hat Enterprise Linux 4 - Denial of Service via Audit Subsystem File Watch

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0001. PoCs published by Steve Grubb.

AI-analyzed exploit summary This exploit leverages a Linux Kernel vulnerability (CVE-2007-0001) by using auditctl to monitor /etc/shadow and then adding a user, which triggers a kernel crash. It is a local denial-of-service attack affecting Linux kernel versions 2.6.x.

Description

The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Steve Grubb · textdoslinux

https://www.exploit-db.com/exploits/29683

View Code ZIP pw:eip

This exploit leverages a Linux Kernel vulnerability (CVE-2007-0001) by using auditctl to monitor /etc/shadow and then adding a user, which triggers a kernel crash. It is a local denial-of-service attack affecting Linux kernel versions 2.6.x.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux Kernel 2.6.x

Auth required

Prerequisites: Local access to the target system · Sufficient privileges to run auditctl and useradd

MITRE ATT&CK