Vulnerability CVE-2005-0003


Published: 2005-04-14   Modified: 2012-02-12

Description:
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

Vendor: Avaya
Product: S8710 
Version: r2.0.1; r2.0.0;
Product: S8300 
Version: r2.0.1; r2.0.0;
Product: S8500 
Version: r2.0.1; r2.0.0;
Product: S8700 
Version: r2.0.1; r2.0.0;
Product: Modular messaging message storage server 
Version: 2.0; 1.1;
Product: Converged communications server 
Version: 2.0;
Product: Intuity audix 
Product: Network routing 
Product: Mn100 
Vendor: Mandrakesoft
Product: Mandrake linux 
Version:
9.2
10.1
10.0
Product: Mandrake multi network firewall 
Version: 8.2;
Product: Mandrake linux corporate server 
Version: 3.0; 2.1;
Vendor: Redhat
Product: Enterprise linux desktop 
Version: 3.0;
Product: Enterprise linux 
Version: 3.0;
Vendor: Linux
Product: Linux kernel 
Version:
2.4.9
2.4.8
2.4.7
2.4.6
2.4.5
2.4.4
2.4.3
2.4.29
2.4.28
2.4.27
2.4.26
2.4.25
2.4.24_ow1
2.4.24
2.4.23_ow2
2.4.23
2.4.22
2.4.21
2.4.20
2.4.2
2.4.19
2.4.18
2.4.17
2.4.16
2.4.15
2.4.14
2.4.13
2.4.12
2.4.11
2.4.10
2.4.1
2.4.0

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3tw
http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
http://securitytracker.com/id?1012885
http://www.debian.org/security/2006/dsa-1067
http://www.debian.org/security/2006/dsa-1069
http://www.debian.org/security/2006/dsa-1070
http://www.debian.org/security/2006/dsa-1082
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.novell.com/linux/security/advisories/2005_18_kernel.html
http://www.redhat.com/support/errata/RHSA-2005-017.html
http://www.redhat.com/support/errata/RHSA-2005-043.html
http://www.securityfocus.com/bid/12261
http://www.trustix.org/errata/2005/0001/
https://exchange.xforce.ibmcloud.com/vulnerabilities/18886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9512

Related CVE
CVE-2019-10639
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the...
CVE-2019-10638
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to ...
CVE-2019-13233
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
CVE-2019-12984
A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of ser...
CVE-2019-12817
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of pow...
CVE-2019-3896
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial ...
CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denia...

Copyright 2019, cxsecurity.com

 

Back to Top