Executive Summary
Summary | |
---|---|
Title | Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2 |
Informations | |||
---|---|---|---|
Name | RHSA-2005:514 | First vendor Publication | 2005-10-05 |
Vendor | RedHat | Last vendor Modification | 2005-10-05 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the second regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64 3. Problem description: The Linux kernel handles the basic functions of the operating system. This is the second regular kernel update to Red Hat Enterprise Linux 4. New features introduced in this update include: - - Audit support - - systemtap - kprobes, relayfs - - Keyring support - - ISCI - iscsi_sfnet 4:0.1.11-1 - - Device mapper mirroring and multipath support - - Intel dual core support - - esb2 chipset support - - Increased exec-shield coverage - - Dirty page tracking for HA systems - - Diskdump -- allow partial diskdumps and directing to swap There were several bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following security bugs were fixed in this update, detailed below with corresponding CAN names available from the Common Vulnerabilities and Exposures project (cve.mitre.org): - - flaws in ptrace() syscall handling on 64-bit systems that allowed a local user to cause a denial of service (crash) (CAN-2005-0756, CAN-2005-1761, CAN-2005-1762, CAN-2005-1763) - - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CAN-2005-2456, CAN-2005-2555) - - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CAN-2005-2490) - - a flaw in sendmsg() syscall handling that allowed a local user to cause a denial of service by altering hardware state (CAN-2005-2492) - - a flaw that prevented the topdown allocator from allocating mmap areas all the way down to address zero (CAN-2005-1265) - - flaws dealing with keyrings that could cause a local denial of service (CAN-2005-2098, CAN-2005-2099) - - a flaw in the 4GB split patch that could allow a local denial of service (CAN-2005-2100) - - a xattr sharing bug in the ext2 and ext3 file systems that could cause default ACLs to disappear (CAN-2005-2801) - - a flaw in the ipt_recent module on 64-bit architectures which could allow a remote denial of service (CAN-2005-2872) The following device drivers have been upgraded to new versions: qla2100 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2200 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2300 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2322 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2xxx --------- 8.00.00b21-k to 8.01.00b5-rh2 qla6312 --------- 8.00.00b21-k to 8.01.00b5-rh2 megaraid_mbox --- 2.20.4.5 to 2.20.4.6 megaraid_mm ----- 2.20.2.5 to 2.20.2.6 lpfc ------------ 0:8.0.16.6_x2 to 0:8.0.16.17 cciss ----------- 2.6.4 to 2.6.6 ipw2100 --------- 1.0.3 to 1.1.0 tg3 ------------- 3.22-rh to 3.27-rh e100 ------------ 3.3.6-k2-NAPI to 3.4.8-k2-NAPI e1000 ----------- 5.6.10.1-k2-NAPI to 6.0.54-k2-NAPI 3c59x ----------- LK1.1.19 mptbase --------- 3.01.16 to 3.02.18 ixgb ------------ 1.0.66 to 1.0.95-k2-NAPI libata ---------- 1.10 to 1.11 sata_via -------- 1.0 to 1.1 sata_ahci ------- 1.00 to 1.01 sata_qstor ------ 0.04 sata_sil -------- 0.8 to 0.9 sata_svw -------- 1.05 to 1.06 s390: crypto ---- 1.31 to 1.57 s390: zfcp ------ s390: CTC-MPC --- s390: dasd ------- s390: cio ------- s390: qeth ------ All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 114578 - RHEL4 U1: File Delegation, at least read-only. 130914 - RHEL4: keyring support (OpenAFS enabler) 134790 - Inspiron 8500 practically hangs when configuring b44 NIC with 1.5G memory 135669 - tcsendbreak fails in compat mode 137343 - RH40-beta1, embedded IDE/PCI drivers not honoring Sub ID's/Class code 140002 - [PATCH] i2o_block timeout Adaptec 2400A raid card 141783 - domain validation fails on DVD-305 when CD in drive 142989 - Terminated threads' resource usage is hidden from procps 144668 - System doesn't reboot even if kernel.panic is > 0 on RHEL-4 Beta-2. 145575 - [RHEL4-U2][Diskdump] Partial dump 145648 - Socket option IP_FREEBIND has no effect on SCTP socket. 145659 - Socket option SO_BINDTODEVICE problems with SCTP listening socket. 145976 - Sub-second mtime changes without modifying file 146187 - [RHEL4RC1] chicony usb keyboard fails, with side effects 147233 - NFSv3 over Kerberos: gss_get_mic FAILED during xdm login attempt 147496 - Sense data errors are seen when trying to access a travan tape device 149478 - Bug / data corruption on error handling in Ext3 under I/O failure condition 149919 - highmem.c: fix bio error propagation 149979 - kernel panic when tar'ing data to IDE Tape device 150152 - nfsv4 callback authentication patch 151222 - smp_apic_timer_interrupt() executes on kernel thread stack 151315 - kernel BUG() at pageattr:107 with rmmod e1000 151323 - Kernel BUG at pageattr:107 151429 - Fusion MPT doesn't handle multiple PCI domains correctly 152162 - LVM snapshots over md raid1 cause corruption 152440 - ppc64 arches can crash when single setpping a debugger through syscall return code 152619 - openipmi drivers missing compat_ioctl's on x86_64 kernel 152982 - fail to mount nfs4 servers 154055 - RHEL4 U1 Oracle 10G 10.0.3 aio hang running tpc-c 154100 - assertion failrue in semaphore.h caused by perfmon 154347 - spin_lock already locked by xfrm4_output 154435 - kernel dm-emc: Fix spinlock reset 154442 - kernel dm-multipath: multiple pg_inits can be issued in parallel 154451 - CAN-2005-1762 x86_64 sysret exception leads to DoS 154733 - oops when catting /proc/net/ip_conntrack_expect 155278 - Debugger killed by kernel when looking at the lowest addressed vmalloc page 155354 - 20050313 SCSI tape security 155706 - CAN-2005-2801 xattr sharing bug 155932 - [RHEL4-U2][Diskdump] hangs when SCSI drive is busy 156010 - [RHEL4-U2] Diskdump - swap partition support 156705 - Serial console corrupt on boot 157239 - Systemtap patches to be ported to RHEL4 U2 kernel 157725 - sysctl -A returns an error 157900 - [not quite PATCH] tg3 driver crashes kernel with BCM5752 chip, newer driver is OK 158107 - Serial console turns into garbage after initialising 16550A 158293 - nfs server intermitently claims ENOENT on existing files or directories 158878 - CAN-2005-1265 Prevent NULL mmap in topdown model 158883 - Annoying i2o_config kernel module messages during raidutil run 158930 - 32-bit GETBLKSIZE ioctl overflows incorrectly on 64-bit hosts. 158974 - [Patch] modprobling a module signed with a key not known to the kernel can result in a panic. 159640 - proc and sysctl interface for lockd grace period do not work 159671 - CAN-2005-1761 local user can use ptrace to crash system 159739 - [Stratus RHEL4U2] csb5 functions are tagged with __init. This causes a crash in a hot-plug environment 159765 - RHEL4 Data corruption in spite of using O_SYNC 159918 - CAN-2005-0756 x86_64 crash (ptrace-check-segment) 159921 - CAN-2005-1763 x86_64 crash (x86_64-ptrace-overflow) 160028 - Kernel BUG at pageattr:107 160518 - audit: file system and user space filtering by auid 160522 - audit: teach OOM killer about auditd 160524 - audit: file system attribute change tracking 160526 - audit:PATH record mode flags are wrong sometimes 160528 - audit: file system watch on block device 160547 - when removing scsi hosts commands are not leaked 160548 - when removing scsi hosts commands are not leaked 160654 - audit: kernel audits auditd 160663 - cable link state ignored on ethernet card (b44). 160812 - fixes exec-shield to not randomize to between end-of-binary and start-of-brk 160882 - i2o RAID monitoring memory leak 161143 - Need export of generic_drop_inode for OCFS2 support 161156 - 'mt tell' fails - backported kernel bug likely 161314 - Bluetooth paring did not work anymore since update to 2.6.9-11.EL 161789 - GET_INDEX macro in aspm pci fixup code can overwrite end of the array 161995 - kernel panic when rm -rf directory structure on tmpfs filesystem 162108 - only the main thread is shown by top(1) 162257 - irq stacks not being used for hardirqs 162548 - interrupt handlers run on thread's kernel stack 162728 - JBD race during shutdown of a journal 163528 - /dev/tty won't open during blocking /dev/ttyS1 open 164094 - Placeholder for 2.6.x SATA update 20050724-1 164228 - Export sys_recvmesg for cluster snapshot 164338 - fix aio hang when reading beyond EOF 164449 - RHEL4 [NETFILTER]: Fix deadlock in ip6_queue. 164450 - [NETFILTER]: Fix potential memory corruption in NAT code (aka memory NAT) 164628 - pci_scan_device can cause master abort 164630 - panic while running fsstress to a filesystem on a mirror 164979 - CAN-2005-2098 Error during attempt to join key management session can leave semaphore pinned 164991 - CAN-2005-2099 Destruction of failed keyring oopses 165127 - acpi_processor_get_performance_states fails on empty table entries (_PSS) 165163 - audit - syscall performance 165242 - mirrors possibly reporting invalid blocks to the filesystem 165384 - cpufreq driver hangs when using SMP Powernow 165547 - CAN-2005-2100 4G/4G split bounds checking 165560 - CAN-2005-2456 IPSEC overflow 165717 - ext on top of mirror attempts to access beyond end of device: dm-5: rw=0, want=16304032720, limit=20971520 166131 - CAN-2005-2555 IPSEC lacks restrictions 166248 - CAN-2005-2490 sendmsg compat stack overflow 166830 - CAN-2005-2492 sendmsg DoS 167126 - bad elf check in module-verify.c 167412 - [RFC] [RHEL4 U2 patch] dual-core detection gap for i386 build 167668 - LTC17960-Kernel panic at key_put+0x4/0x19 [REGRESSION] 167703 - CAN-2005-2872 ipt_recent crash 167711 - LTC18014-powernow-k8 debug messages are enabled |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-514.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-39 | Manipulating Opaque Client-based Data Tokens |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-51 | Poison Web Service Registry |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-76 | Manipulating Input to File System Calls |
CAPEC-77 | Manipulating User-Controlled Variables |
CAPEC-87 | Forceful Browsing |
CAPEC-104 | Cross Zone Scripting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-399 | Resource Management Errors |
29 % | CWE-264 | Permissions, Privileges, and Access Controls |
14 % | CWE-697 | Insufficient Comparison |
14 % | CWE-667 | Insufficient Locking |
14 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10182 | |||
Oval ID: | oval:org.mitre.oval:def:10182 | ||
Title: | Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory. | ||
Description: | Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1763 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10444 | |||
Oval ID: | oval:org.mitre.oval:def:10444 | ||
Title: | Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | ||
Description: | Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2555 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10466 | |||
Oval ID: | oval:org.mitre.oval:def:10466 | ||
Title: | The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash). | ||
Description: | The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1265 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10481 | |||
Oval ID: | oval:org.mitre.oval:def:10481 | ||
Title: | Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code by calling sendmsg and modifying the message contents in another thread. | ||
Description: | Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code by calling sendmsg and modifying the message contents in another thread. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2490 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10495 | |||
Oval ID: | oval:org.mitre.oval:def:10495 | ||
Title: | xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied. | ||
Description: | xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2801 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10630 | |||
Oval ID: | oval:org.mitre.oval:def:10630 | ||
Title: | The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. | ||
Description: | The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1762 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10858 | |||
Oval ID: | oval:org.mitre.oval:def:10858 | ||
Title: | Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p-dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock-sk_policy array. | ||
Description: | Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2456 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11031 | |||
Oval ID: | oval:org.mitre.oval:def:11031 | ||
Title: | The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. | ||
Description: | The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2492 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11283 | |||
Oval ID: | oval:org.mitre.oval:def:11283 | ||
Title: | The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. | ||
Description: | The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3105 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11394 | |||
Oval ID: | oval:org.mitre.oval:def:11394 | ||
Title: | The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873. | ||
Description: | The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2872 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11556 | |||
Oval ID: | oval:org.mitre.oval:def:11556 | ||
Title: | The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). | ||
Description: | The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2100 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9079 | |||
Oval ID: | oval:org.mitre.oval:def:9079 | ||
Title: | The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. | ||
Description: | The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2099 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9638 | |||
Oval ID: | oval:org.mitre.oval:def:9638 | ||
Title: | The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. | ||
Description: | The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2098 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5012519.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5015723.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27) File : nvt/deb_1018_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-2 (kernel-source-2.4.27) File : nvt/deb_1018_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 921-1 (kernel-source-2.4.27) File : nvt/deb_921_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 922-1 (kernel-source-2.4.27) File : nvt/deb_922_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
20424 | Red Hat Enterprise Linux Kernel usercopy.c rw_vm() Function Local Overflow DoS A local overflow exists in the kernel of Red Hat Enterprise Linux. The 'rw_vm()' function in 'usercopy.c' fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause the kernel to crash resulting in a loss of availability. |
20009 | Linux Kernel mprotect.c PTE Protection Modification Data Corruption |
19430 | Linux Kernel ipt_recent u_int32_t Memset Remote DoS |
19314 | Linux Kernel ext2/ext3 xattr.c name_index Error ACL Failure |
19261 | Linux Kernel raw_sendmsg() Unspecified Memory Manipulation Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an error in the "raw_sendmsg()" function, which may allow a local unprivileged user to read kernel memory contents to obtain sensitive information or on some architectures cause a denial of service by manipulating hardware state, resulting in a loss of confidentiality and/or availability. |
19260 | Linux Kernel sendmsg() 32bit msg_control Copy Overflow |
18978 | Linux Kernel CAP_NET_ADMIN Socket Policy Bypass |
18652 | Linux Kernel Keyring Management KEYCTL_JOIN_SESSION_KEYRING DoS Linux contains a flaw that may allow a local denial of service. The issue is triggered when a user causes the system to attempt to allocate a new session keyring after either the user's key quota has been reached, or if the new keyring name is blank or is too long, and will result in loss of availability for the keyring management service. |
18651 | Linux Kernel Malformed Keyring Addition DoS Linux contains a flaw that may allow a local denial of service. The issue is triggered when a user attempts to add a keyring with anything other than an empty description payload. Creation of the keyring will fail, and when the system attempts to remove the keyring from the name list, a kernel crash will occur, and will result in loss of availability for the operating system. |
18555 | Linux Kernel xfrm Array Indexing Overflow |
17693 | Linux Kernel on AMD64 ptrace() Non-canonical Address Call Local DoS |
17546 | Linux Kernel on 64Bit ptrace Function Local Overflow |
17479 | Linux Kernel ptrace / restore_sigcontext ar.rsc Access Issue |
17234 | Linux Kernel mmap() Function Crafted Memory Map Code Execution |
17233 | Linux Kernel on AMD64 ptrace() Invalid Segment Base Local DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1018.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-921.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-922.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0144.nasl - Type : ACT_GATHER_INFO |
2006-03-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0144.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-178-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-169-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-143-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-137-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-235.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-219.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-906.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_050.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-905.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-821.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-820.nasl - Type : ACT_GATHER_INFO |
2005-08-04 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_044.nasl - Type : ACT_GATHER_INFO |
2005-07-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-510.nasl - Type : ACT_GATHER_INFO |
2005-06-10 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_029.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:27 |
|