Vulnerability CVE-2004-1235


Published: 2005-04-14   Modified: 2012-02-12

Description:
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.4.29-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

Vendor: Avaya
Product: S8710
Versions: r2.0.1; r2.0.0;
Product: S8300
Versions: r2.0.1; r2.0.0;
Product: S8500
Versions: r2.0.1; r2.0.0;
Product: S8700
Versions: r2.0.1; r2.0.0;
Product: Modular messaging message storage server
Versions: 2.0; 1.1;
Product: Converged communications server
Versions: 2.0;
Product: Intuity audix
Product: Network routing
Product: Mn100
Vendor: Redhat
Product: Fedora core
Versions:
core_3.0
core_2.0
core_1.0
Product: Linux
Versions: 9.0; 7.3;
Product: Enterprise linux
Versions: 4.0; 3.0;
Product: Enterprise linux desktop
Versions: 4.0; 3.0;
Vendor: SUSE
Product: Suse linux
Versions:
9.2
9.1
9.0
8.2
8.1
8
1.0
Vendor: Mandrakesoft
Product: Mandrake linux
Versions:
9.2
10.1
10.0
Product: Mandrake multi network firewall
Versions: 8.2;
Product: Mandrake linux corporate server
Versions: 3.0; 2.1;
Vendor: Ubuntu
Product: Ubuntu linux
Versions: 4.1;
Vendor: Linux
Product: Linux kernel
Versions:
2.6_test9_cvs
2.6.9
2.6.8
2.6.7
2.6.6
2.6.5
2.6.4
2.6.3
2.6.2
2.6.10
2.6.1
2.6.0
2.4.9
2.4.8
2.4.7
2.4.6
2.4.5
2.4.4
2.4.3
2.4.29
2.4.28
2.4.27
2.4.26
2.4.25
2.4.24_ow1
2.4.24
2.4.23_ow2
2.4.23
2.4.22
2.4.21
2.4.20
2.4.2
2.4.19
2.4.18
2.4.17
2.4.16
2.4.15
2.4.14
2.4.13
2.4.12
2.4.11
2.4.10
2.4.1
2.4.0
Vendor: Conectiva
Product: Linux
Versions: 10.0;

CVSS2 => (AV:L/AC:H/Au:N/C:C/I:C/A:C)

Overall CVSS score: 6.2/10
Impact: 10/10
Exploitability: 1.9/10
Access vector: Local
Attack complexity: High
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
http://isec.pl/vulnerabilities/isec-0021-uselib.txt
http://marc.info/?l=bugtraq&m=110512575901427&w=2
http://www.debian.org/security/2006/dsa-1067
http://www.debian.org/security/2006/dsa-1069
http://www.debian.org/security/2006/dsa-1070
http://www.debian.org/security/2006/dsa-1082
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.redhat.com/support/errata/RHSA-2005-016.html
http://www.redhat.com/support/errata/RHSA-2005-017.html
http://www.redhat.com/support/errata/RHSA-2005-043.html
http://www.redhat.com/support/errata/RHSA-2005-092.html
http://www.securityfocus.com/advisories/7804
http://www.securityfocus.com/advisories/7805
http://www.securityfocus.com/advisories/7806
http://www.securityfocus.com/bid/12190
http://www.trustix.org/errata/2005/0001/
https://bugzilla.fedora.us/show_bug.cgi?id=2336
https://exchange.xforce.ibmcloud.com/vulnerabilities/18800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567


Copyright 2019, cxsecurity.com

 
