Executive Summary
| Summary | |
|---|---|
| Title | Linux amd64 kernel vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-143-1 | First vendor Publication | 2005-06-27 |
| Vendor | Ubuntu | Last vendor Modification | 2005-06-27 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: linux-image-2.6.8.1-5-power4 linux-image-2.6.8.1-5-power4-smp linux-image-2.6.8.1-5-powerpc linux-image-2.6.8.1-5-powerpc-smp linux-image-2.6.10-5-amd64-generic linux-image-2.6.10-5-amd64-k8 linux-image-2.6.10-5-amd64-k8-smp linux-image-2.6.10-5-amd64-xeon linux-patch-debian-2.6.8.1 linux-patch-ubuntu-2.6.10 The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.20 (for Ubuntu 4.10) and 2.6.10-34.3 (for Ubuntu 5.04). You need to reboot your computer after doing a standard system upgrade to effect the necessary changes. Details follow: A Denial of Service vulnerability has been discovered in the ptrace() call on the amd64 platform. By calling ptrace() with specially crafted ("non-canonical") addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. (CAN-2005-1762) ZouNanHai discovered that a local user could hang the kernel by invoking syscall() with specially crafted arguments. This only affects the amd64 platform when running in the 32 bit compatibility mode. (CAN-2005-1765) |
Original Source
| Url : http://www.ubuntu.com/usn/USN-143-1 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10630 | |||
| Oval ID: | oval:org.mitre.oval:def:10630 | ||
| Title: | The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. | ||
| Description: | The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-1762 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5012519.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 921-1 (kernel-source-2.4.27) File : nvt/deb_921_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 922-1 (kernel-source-2.4.27) File : nvt/deb_922_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 17693 | Linux Kernel on AMD64 ptrace() Non-canonical Address Call Local DoS |
| 17545 | Linux Kernel on AMD64 Crafted syscall() Argument Local DoS Linux Kernel on AMD64 contains a flaw that may allow a local denial of service on while in 32-bit compatibility mode. The issue is due to an error in fault.c and can cause the kernel to crash when handling specially crafted syscall() arguments, and will result in loss of availability for the platform. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-921.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-922.nasl - Type : ACT_GATHER_INFO |
| 2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
| 2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-143-1.nasl - Type : ACT_GATHER_INFO |
| 2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
| 2005-10-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
| 2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_050.nasl - Type : ACT_GATHER_INFO |
| 2005-06-10 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_029.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:00:00 |
|
