Executive Summary
Summary | |
---|---|
Title | New Linux kernel 2.6.8 packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1017 | First vendor Publication | 2006-03-23 |
Vendor | Debian | Last vendor Modification | 2006-03-23 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. CVE-2005-0449 An error in the skb_checksum_help() function from the netfilter framework has been discovered that allows the bypass of packet filter rules or a denial of service attack. CVE-2005-2457 Tim Yamin discovered that insufficient input validation in the zisofs driver for compressed ISO file systems allows a denial of service attack through maliciously crafted ISO images. CVE-2005-2490 A buffer overflow in the sendmsg() function allows local users to execute arbitrary code. CVE-2005-2555 Herbert Xu discovered that the setsockopt() function was not restricted to users/processes with the CAP_NET_ADMIN capability. This allows attackers to manipulate IPSEC policies or initiate a denial of service attack. CVE-2005-2709 Al Viro discovered a race condition in the /proc handling of network devices. A (local) attacker could exploit the stale reference after interface shutdown to cause a denial of service or possibly execute code in kernel mode. CVE-2005-2800 Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices leak memory, which allows a denial of service attack. CVE-2005-2973 Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code can be forced into an endless loop, which allows a denial of service attack. CVE-2005-3044 Vasiliy Averin discovered that the reference counters from sockfd_put() and fput() can be forced into overlapping, which allows a denial of service attack through a null pointer dereference. CVE-2005-3053 Eric Dumazet discovered that the set_mempolicy() system call accepts a negative value for it's first argument, which triggers a BUG() assert. This allows a denial of service attack. CVE-2005-3055 Harald Welte discovered that if a process issues a USB Request Block (URB) to a device and terminates before the URB completes, a stale pointer would be dereferenced. This could be used to trigger a denial of service attack. CVE-2005-3180 Pavel Roskin discovered that the driver for Orinoco wireless cards clears it's buffers insufficiently. This could leak sensitive information into user space. CVE-2005-3181 Robert Derr discovered that the audit subsystem uses an incorrect function to free memory, which allows a denial of service attack. CVE-2005-3257 Rudolf Polzer discovered that the kernel improperly restricts access to the KDSKBSENT ioctl, which can possibly lead to privilege escalation. CVE-2005-3356 Doug Chapman discovered that the mq_open syscall can be tricked into decrementing an internal counter twice, which allows a denial of service attack through a kernel panic. CVE-2005-3358 Doug Chapman discovered that passing a 0 zero bitmask to the set_mempolicy() system call leads to a kernel panic, which allows a denial of service attack. CVE-2005-3783 The ptrace code using CLONE_THREAD didn't use the thread group ID to determine whether the caller is attaching to itself, which allows a denial of service attack. CVE-2005-3784 The auto-reaping of childe processes functionality included ptraced-attached processes, which allows denial of service through dangling references. CVE-2005-3806 Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable, which could lead to memory corruption and denial of service. CVE-2005-3847 It was discovered that a threaded real-time process, which is currently dumping core can be forced into a dead-lock situation by sending it a SIGKILL signal, which allows a denial of service attack. CVE-2005-3848 Ollie Wild discovered a memory leak in the icmp_push_reply() function, which allows denial of service through memory consumption. CVE-2005-3857 Chris Wright discovered that excessive allocation of broken file lock leases in the VFS layer can exhaust memory and fill up the system logging, which allows denial of service. CVE-2005-3858 Patrick McHardy discovered a memory leak in the ip6_input_finish() function from the IPv6 code, which allows denial of service. CVE-2005-4605 Karl Janmar discovered that a signedness error in the procfs code can be exploited to read kernel memory, which may disclose sensitive information. CVE-2005-4618 Yi Ying discovered that sysctl does not properly enforce the size of a buffer, which allows a denial of service attack. CVE-2006-0095 Stefan Rompf discovered that dm_crypt does not clear an internal struct before freeing it, which might disclose sensitive information. CVE-2006-0096 It was discovered that the SDLA driver's capability checks were too lax for firmware upgrades. CVE-2006-0482 Ludovic Courtes discovered that get_compat_timespec() performs insufficient input sanitizing, which allows a local denial of service attack. CVE-2006-1066 It was discovered that ptrace() on the ia64 architecture allows a local denial of service attack, when preemption is enabled. The following matrix explains which kernel version for which architecture fix the problems mentioned above: Debian 3.1 (sarge) Source 2.6.8-16sarge2 Alpha architecture 2.6.8-16sarge2 AMD64 architecture 2.6.8-16sarge2 HP Precision architecture 2.6.8-6sarge2 Intel IA-32 architecture 2.6.8-16sarge2 Intel IA-64 architecture 2.6.8-14sarge2 Motorola 680x0 architecture 2.6.8-4sarge2 PowerPC architecture 2.6.8-12sarge2 IBM S/390 architecture 2.6.8-5sarge2 Sun Sparc architecture 2.6.8-15sarge2 The following matrix lists additional packages that were rebuilt for compatability with or to take advantage of this update: Debian 3.1 (sarge) kernel-latest-2.6-alpha 101sarge1 kernel-latest-2.6-amd64 103sarge1 kernel-latest-2.6-hppa 2.6.8-1sarge1 kernel-latest-2.6-sparc 101sarge1 kernel-latest-2.6-i386 101sarge1 kernel-latest-powerpc 102sarge1 fai-kernels 1.9.1sarge1 hostap-modules-i386 0.3.7-1sarge1 mol-modules-2.6.8 0.9.70+2.6.8+12sarge1 ndiswrapper-modules-i386 1.1-2sarge1 We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. This update introduces a change in the kernel's binary interface, the affected kernel packages inside Debian have been rebuilt, if you're running local addons you'll need to rebuild these as well. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1017 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
45 % | CWE-399 | Resource Management Errors |
18 % | CWE-264 | Permissions, Privileges, and Access Controls |
18 % | CWE-20 | Improper Input Validation |
9 % | CWE-667 | Insufficient Locking |
9 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10410 | |||
Oval ID: | oval:org.mitre.oval:def:10410 | ||
Title: | Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs. | ||
Description: | Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3358 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10444 | |||
Oval ID: | oval:org.mitre.oval:def:10444 | ||
Title: | Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | ||
Description: | Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2555 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10481 | |||
Oval ID: | oval:org.mitre.oval:def:10481 | ||
Title: | Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code by calling sendmsg and modifying the message contents in another thread. | ||
Description: | Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code by calling sendmsg and modifying the message contents in another thread. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2490 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10576 | |||
Oval ID: | oval:org.mitre.oval:def:10576 | ||
Title: | The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. | ||
Description: | The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3053 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10615 | |||
Oval ID: | oval:org.mitre.oval:def:10615 | ||
Title: | The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys. | ||
Description: | The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3257 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10731 | |||
Oval ID: | oval:org.mitre.oval:def:10731 | ||
Title: | The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors. | ||
Description: | The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3356 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10746 | |||
Oval ID: | oval:org.mitre.oval:def:10746 | ||
Title: | The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. | ||
Description: | The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2709 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10753 | |||
Oval ID: | oval:org.mitre.oval:def:10753 | ||
Title: | The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | ||
Description: | The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0449 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11192 | |||
Oval ID: | oval:org.mitre.oval:def:11192 | ||
Title: | dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key. | ||
Description: | dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0095 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11332 | |||
Oval ID: | oval:org.mitre.oval:def:11332 | ||
Title: | The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. | ||
Description: | The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3180 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11346 | |||
Oval ID: | oval:org.mitre.oval:def:11346 | ||
Title: | Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply." | ||
Description: | Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3848 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11690 | |||
Oval ID: | oval:org.mitre.oval:def:11690 | ||
Title: | The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow. | ||
Description: | The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0124 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11747 | |||
Oval ID: | oval:org.mitre.oval:def:11747 | ||
Title: | The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value. | ||
Description: | The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-4605 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9080 | |||
Oval ID: | oval:org.mitre.oval:def:9080 | ||
Title: | The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges. | ||
Description: | The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3784 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9396 | |||
Oval ID: | oval:org.mitre.oval:def:9396 | ||
Title: | Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed. | ||
Description: | Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3858 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9467 | |||
Oval ID: | oval:org.mitre.oval:def:9467 | ||
Title: | The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). | ||
Description: | The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3181 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9472 | |||
Oval ID: | oval:org.mitre.oval:def:9472 | ||
Title: | Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. | ||
Description: | Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3055 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9561 | |||
Oval ID: | oval:org.mitre.oval:def:9561 | ||
Title: | Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems. | ||
Description: | Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3044 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9727 | |||
Oval ID: | oval:org.mitre.oval:def:9727 | ||
Title: | The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function. | ||
Description: | The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3857 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9903 | |||
Oval ID: | oval:org.mitre.oval:def:9903 | ||
Title: | The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory. | ||
Description: | The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3806 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9954 | |||
Oval ID: | oval:org.mitre.oval:def:9954 | ||
Title: | Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error. | ||
Description: | Memory leak in the seq_file implemenetation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2800 | Version: | 8 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2005-11-09 | Linux Kernel 2.6.x Sysctl Unregistration Local Denial of Service Vulnerability |
2005-10-20 | Linux Kernel 2.6.x IPV6 Local Denial of Service Vulnerability |
2009-08-05 | Linux Kernel < 2.6.14.6 procfs Kernel Memory Disclosure Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010939.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011171.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5012519.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5015723.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27) File : nvt/deb_1018_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-2 (kernel-source-2.4.27) File : nvt/deb_1018_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16) File : nvt/deb_1067_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-... File : nvt/deb_1070_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17) File : nvt/deb_1082_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59802 | Linux Kernel on SPARC date Command get_compat_timespec Function Local DoS |
24098 | Linux Kernel on ia64 Preemption ptrace() Function Local DoS Linux Kernel on ia64 contains a flaw that may allow a local denial of service. The issue is triggered when preemption is having multiple tasks doing ptrace singlesteps around the same time, and will result in loss of availability for the platform. |
22902 | Linux Kernel handle_stop_signal Function SIGKILL Race Local DoS |
22822 | Linux Kernel mq_open System Call mntput Function Local DoS |
22507 | Linux Kernel ip6_input_finish Function Crafted IPv6 Packet DoS |
22506 | Linux Kernel icmp_push_reply Function Crafted Packet Remote DoS |
22419 | Linux Kernel SDLA Upgrade CAP_SYS_RAWIO Arbitrary Kernel Memory Disclosure |
22418 | Linux Kernel dm-crypt crypt_config Structure Cryptographic Key Local Disclosure The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because 'dm-crypt' does not zero out the 'struct crypt_config' structure before it is freed, potentially leaking cryptographic key information, resulting in a loss of confidentiality. |
22215 | Linux Kernel sysctl.c NULL Byte Off-by-one Memory Corruption DoS |
22213 | Linux Kernel set_mempolicy() Crafted Bitmask Local DoS |
22212 | Linux Kernel procfs proc_calc_metrics Function Information Disclosure |
21516 | Linux Kernel IPv6 Flow Label Handling Local DoS |
21285 | Linux Kernel time_out_leases Function Broken Lease Saturation Local DoS |
21284 | Linux Kernel Child Process auto-reap Dangling ptrace Local DoS |
21283 | Linux Kernel ptrace CLONE_THREAD Local DoS |
20676 | Linux Kernel sysctl Interface Unregistration Local DoS The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered due to an error in sysctl's handling of interface unregistrations, and will result in loss of availability for the service. |
20163 | Linux Kernel IPv6 udp_v6_get_port() Function Local DoS Linux contains a flaw that may allow a local denial of service. The issue is due to an infinite loop error in the "udp_v6_get_port()" function in "net/ipv6/udp.c", and will result in loss of availability. |
20061 | Linux Kernel loadkeys Console Keyboard Mapping Local Privilege Escalation |
19925 | Linux Kernel Orinoco Driver Remote Memory Segment Disclosure |
19924 | Linux Kernel /fs/namei.c CONFIG_AUDITSYSCALL Local DoS |
19734 | Linux Kernel mempolicy.c sys_set_mempolicy Negative Argument DoS |
19702 | Linux Kernel USB Malformed URB Local DoS |
19598 | Linux Kernel tiocgdev() Reference Counter Overrun Local DoS |
19597 | Linux Kernel on 64bit routing_ioctl() Reference Counter Overrun Local DoS |
19316 | Linux Kernel procfs seq_file Memory Leak DoS |
19260 | Linux Kernel sendmsg() 32bit msg_control Copy Overflow |
19027 | Linux Kernel zisofs Driver Crafted ISO File System DoS |
18978 | Linux Kernel CAP_NET_ADMIN Socket Policy Bypass |
13850 | Linux IPTables/Netfilter Module Crafted Packet Bypass |
13533 | Linux Kernel coda_pioctl Function Negative Value Overflow |
12349 | Linux Kernel io_edgeport Driver Local Overflow A local overflow exists in the edge_startup() function of the io_edgeport driver. The edge_startup() fails to check boundaries resulting in an overflow. With a USB dongle, an attacker can cause the kernel to crash or may be able to gain elevated privileges resulting in a loss of integrity and availability. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-219-1.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-151.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1018.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1082.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1070.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1069.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1067.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO |
2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO |
2006-08-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO |
2006-07-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO |
2006-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0579.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0493.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0132.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-808.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-366.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0140.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2006-05-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0493.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-281-1.nasl - Type : ACT_GATHER_INFO |
2006-03-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-059.nasl - Type : ACT_GATHER_INFO |
2006-03-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0132.nasl - Type : ACT_GATHER_INFO |
2006-02-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-040.nasl - Type : ACT_GATHER_INFO |
2006-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-102.nasl - Type : ACT_GATHER_INFO |
2006-02-10 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_006.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0191.nasl - Type : ACT_GATHER_INFO |
2006-01-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-018.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-244-1.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-231-1.nasl - Type : ACT_GATHER_INFO |
2006-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0140.nasl - Type : ACT_GATHER_INFO |
2006-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-169-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-178-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-187-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-199-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-235.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-219.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-013.nasl - Type : ACT_GATHER_INFO |
2005-12-20 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_068.nasl - Type : ACT_GATHER_INFO |
2005-12-08 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_067.nasl - Type : ACT_GATHER_INFO |
2005-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-808.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1007.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1013.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-905.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_050.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-906.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-820.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-821.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-313.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-262.nasl - Type : ACT_GATHER_INFO |
2005-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-283.nasl - Type : ACT_GATHER_INFO |
2005-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
2005-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-366.nasl - Type : ACT_GATHER_INFO |
2005-03-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_018.nasl - Type : ACT_GATHER_INFO |
2005-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-016.nasl - Type : ACT_GATHER_INFO |
2005-01-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-582.nasl - Type : ACT_GATHER_INFO |
2005-01-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-581.nasl - Type : ACT_GATHER_INFO |
2004-12-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-689.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:25:36 |
|