Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux SE 1.5
Astra Linux SE 1.6
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:14350
[Rus]
Version
3
Class
patch
ALTXid
139223
Language
English
Severity
NotAvailable
Title
USN-219-1 -- Linux kernel vulnerabilities
Description
Multiple vulnerabilities in Linux kernel.
Family
unix
Platform
Ubuntu 5.10
Ubuntu 5.04
Ubuntu 4.10
Product
linux-image
Reference
CVE: CVE-2005-3273
CVE: CVE-2005-3273
Id:
CVE-2005-3273
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
Comment
: The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://lkml.org/lkml/2005/5/23/169 (CONFIRM)
1014115 (SECTRACK)
DSA-922 (DEBIAN)
13886 (BID)
18056 (SECUNIA)
17826 (SECUNIA)
RHSA-2005:663 (REDHAT)
RHSA-2006:0579 (REDHAT)
RHSA-2006:0580 (REDHAT)
21035 (SECUNIA)
MDKSA-2005:218 (MANDRAKE)
MDKSA-2005:220 (MANDRAKE)
MDKSA-2005:219 (MANDRAKE)
oval:org.mitre.oval:def:9552 (OVAL)
USN-219-1 (UBUNTU)
FLSA:157459-1 (FEDORA)
http://linux.bkbits.net:8080/linux-2.6/cset%40423114bcdthRtmtdS6MsZiBVvteGCg ()
http://linux.bkbits.net:8080/linux-2.4/cset%4041e2cf515TpixcVQ8q8HvQvCv9E6zA ()
VENDOR: USN-219-1
VENDOR: USN-219-1
Id:
USN-219-1
Reference:
http://www.ubuntu.com/usn/usn-219-1/
CVE: CVE-2005-2709
CVE: CVE-2005-2709
Id:
CVE-2005-2709
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
Comment
: The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE:
399 (Resource Management Errors)
References:
17504 (SECUNIA)
17541 (SECUNIA)
17648 (SECUNIA)
18510 (SECUNIA)
18562 (SECUNIA)
18684 (SECUNIA)
19369 (SECUNIA)
19374 (SECUNIA)
1015434 (SECTRACK)
DSA-1017 (DEBIAN)
DSA-1018 (DEBIAN)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.1 (CONFIRM)
MDKSA-2006:059 (MANDRIVA)
20676 (OSVDB)
RHSA-2006:0101 (REDHAT)
RHSA-2006:0140 (REDHAT)
RHSA-2006:0190 (REDHAT)
RHSA-2006:0191 (REDHAT)
FLSA:157459-3 (FEDORA)
FLSA:157459-4 (FEDORA)
FLSA:157459-1 (FEDORA)
FLSA:157459-2 (FEDORA)
15365 (BID)
ADV-2005-2359 (VUPEN)
kernel-sysctl-interface-dos(23040) (XF)
oval:org.mitre.oval:def:10746 (OVAL)
USN-219-1 (UBUNTU)
CVE: CVE-2005-2973
CVE: CVE-2005-2973
Id:
CVE-2005-2973
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
Comment
: The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170772 (CONFIRM)
FEDORA-2005-1007 (FEDORA)
FEDORA-2005-1013 (FEDORA)
15156 (BID)
SUSE-SA:2005:067 (SUSE)
17917 (SECUNIA)
17918 (SECUNIA)
17261 (SECUNIA)
RHSA-2006:0140 (REDHAT)
18562 (SECUNIA)
RHSA-2006:0190 (REDHAT)
RHSA-2006:0191 (REDHAT)
18684 (SECUNIA)
DSA-1017 (DEBIAN)
17280 (SECUNIA)
DSA-1018 (DEBIAN)
19374 (SECUNIA)
19369 (SECUNIA)
20163 (OSVDB)
19185 (SECUNIA)
RHSA-2006:0493 (REDHAT)
20237 (SECUNIA)
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm (CONFIRM)
21745 (SECUNIA)
MDKSA-2006:040 (MANDRIVA)
MDKSA-2006:072 (MANDRIVA)
ADV-2005-2173 (VUPEN)
oval:org.mitre.oval:def:10041 (OVAL)
USN-219-1 (UBUNTU)
FLSA:157459-2 (FEDORA)
FLSA:157459-1 (FEDORA)
FLSA:157459-3 (FEDORA)
SUSE-SA:2005:068 (SUSE)
http://linux.bkbits.net:8080/linux-2.6/cset%404342df67SNhRx_3FGhUrrU-FXLlQIA (MISC)
CVE: CVE-2005-3055
CVE: CVE-2005-3055
Id:
CVE-2005-3055
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
Comment
: Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
20 (Improper Input Validation)
References:
[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio (MLIST)
17826 (SECUNIA)
17917 (SECUNIA)
17918 (SECUNIA)
19374 (SECUNIA)
21035 (SECUNIA)
21136 (SECUNIA)
21465 (SECUNIA)
21983 (SECUNIA)
22417 (SECUNIA)
http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm (CONFIRM)
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm (CONFIRM)
DSA-1017 (DEBIAN)
MDKSA-2005:218 (MANDRAKE)
MDKSA-2005:219 (MANDRAKE)
MDKSA-2005:220 (MANDRAKE)
MDKSA-2005:235 (MANDRIVA)
RHSA-2006:0437 (REDHAT)
RHSA-2006:0575 (REDHAT)
RHSA-2006:0579 (REDHAT)
RHSA-2006:0580 (REDHAT)
SUSE-SA:2005:067 (SUSE)
SUSE-SA:2005:068 (SUSE)
14955 (BID)
ADV-2005-1863 (VUPEN)
oval:org.mitre.oval:def:9472 (OVAL)
USN-219-1 (UBUNTU)
CVE: CVE-2005-3180
CVE: CVE-2005-3180
Id:
CVE-2005-3180
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
Comment
: The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
FEDORA-2005-1007 (FEDORA)
RHSA-2005:808 (REDHAT)
17364 (SECUNIA)
15085 (BID)
SUSE-SA:2005:067 (SUSE)
17917 (SECUNIA)
17918 (SECUNIA)
RHSA-2006:0140 (REDHAT)
18562 (SECUNIA)
RHSA-2006:0190 (REDHAT)
RHSA-2006:0191 (REDHAT)
18684 (SECUNIA)
DSA-1017 (DEBIAN)
17114 (SECUNIA)
17280 (SECUNIA)
17826 (SECUNIA)
19374 (SECUNIA)
MDKSA-2005:218 (MANDRAKE)
MDKSA-2005:235 (MANDRIVA)
75 (SREASON)
20051012 Linux Orinoco drivers information leakage (BUGTRAQ)
MDKSA-2005:220 (MANDRAKE)
MDKSA-2005:219 (MANDRAKE)
oval:org.mitre.oval:def:11332 (OVAL)
USN-219-1 (UBUNTU)
FLSA:157459-2 (FEDORA)
FLSA:157459-1 (FEDORA)
FLSA:157459-3 (FEDORA)
SUSE-SA:2005:068 (SUSE)
http://www.kernel.org/hg/linux-2.6/?cmd=changeset%3Bnode=feecb2ffde28639e60ede769c6f817dc536c677b ()
CVE: CVE-2005-3271
CVE: CVE-2005-3271
Id:
CVE-2005-3271
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271
Comment
: Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss (MLIST)
15533 (BID)
SUSE-SA:2005:067 (SUSE)
17917 (SECUNIA)
DSA-922 (DEBIAN)
18056 (SECUNIA)
17826 (SECUNIA)
MDKSA-2005:218 (MANDRAKE)
MDKSA-2005:219 (MANDRAKE)
USN-219-1 (UBUNTU)
http://linux.bkbits.net:8080/linux-2.6/cset%40414b332fsZQvEUsfzKJIo-q2_ZH0hg ()
CVE: CVE-2005-3272
CVE: CVE-2005-3272
Id:
CVE-2005-3272
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
Comment
: Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
DSA-922 (DEBIAN)
15536 (BID)
18056 (SECUNIA)
RHSA-2006:0493 (REDHAT)
20237 (SECUNIA)
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm (CONFIRM)
21745 (SECUNIA)
MDKSA-2007:025 (MANDRIVA)
oval:org.mitre.oval:def:10157 (OVAL)
USN-219-1 (UBUNTU)
http://linux.bkbits.net:8080/linux-2.6/cset%40429a310bRFOXOmZvKaGXW8A5Qd9F1A ()
CVE: CVE-2005-3274
CVE: CVE-2005-3274
Id:
CVE-2005-3274
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
Comment
: Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.
CVSSv2 Score:
1.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:N/I:N/A:P
CVSSv3 Score:
4.7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
http://lkml.org/lkml/2005/6/23/249 (CONFIRM)
http://lkml.org/lkml/2005/6/24/173 (CONFIRM)
15528 (BID)
DSA-922 (DEBIAN)
18056 (SECUNIA)
RHSA-2006:0190 (REDHAT)
18684 (SECUNIA)
MDKSA-2006:044 (MANDRIVA)
18977 (SECUNIA)
17826 (SECUNIA)
RHSA-2005:663 (REDHAT)
MDKSA-2005:218 (MANDRAKE)
MDKSA-2005:235 (MANDRIVA)
MDKSA-2005:220 (MANDRAKE)
MDKSA-2005:219 (MANDRAKE)
oval:org.mitre.oval:def:11723 (OVAL)
USN-219-1 (UBUNTU)
FLSA:157459-4 (FEDORA)
FLSA:157459-3 (FEDORA)
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=e684f066dff5628bb61ad1912de6e8058b5b4c7d ()
CVE: CVE-2005-3275
CVE: CVE-2005-3275
Id:
CVE-2005-3275
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
Comment
: The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
DSA-922 (DEBIAN)
15531 (BID)
DSA-921 (DEBIAN)
17918 (SECUNIA)
18056 (SECUNIA)
18059 (SECUNIA)
RHSA-2006:0140 (REDHAT)
18562 (SECUNIA)
RHSA-2006:0190 (REDHAT)
RHSA-2006:0191 (REDHAT)
18684 (SECUNIA)
MDKSA-2006:044 (MANDRIVA)
18977 (SECUNIA)
17826 (SECUNIA)
19185 (SECUNIA)
20060402-01-U (SGI)
19607 (SECUNIA)
MDKSA-2005:218 (MANDRAKE)
MDKSA-2005:220 (MANDRAKE)
MDKSA-2005:219 (MANDRAKE)
oval:org.mitre.oval:def:10142 (OVAL)
USN-219-1 (UBUNTU)
FLSA:157459-2 (FEDORA)
FLSA:157459-1 (FEDORA)
FLSA:157459-3 (FEDORA)
SUSE-SA:2005:068 (SUSE)
http://linux.bkbits.net:8080/linux-2.6/cset%4042e14e05d0V1d88nZlaIX1F9dCRApA ()
CVE: CVE-2005-3276
CVE: CVE-2005-3276
Id:
CVE-2005-3276
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276
Comment
: The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
http://lkml.org/lkml/2005/8/3/36 (CONFIRM)
15527 (BID)
DSA-922 (DEBIAN)
18056 (SECUNIA)
RHSA-2006:0101 (REDHAT)
18510 (SECUNIA)
RHSA-2006:0144 (REDHAT)
19252 (SECUNIA)
17826 (SECUNIA)
MDKSA-2005:218 (MANDRAKE)
MDKSA-2005:220 (MANDRAKE)
MDKSA-2005:219 (MANDRAKE)
oval:org.mitre.oval:def:9748 (OVAL)
USN-219-1 (UBUNTU)
FLSA:157459-2 (FEDORA)
FLSA:157459-1 (FEDORA)
FLSA:157459-3 (FEDORA)
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1 ()
http://linux.bkbits.net:8080/linux-2.6/cset%4042e81864gSEM90Oun0jA8dufpM3inw ()
Content available only for registered users!
ovaldb@altx-soft.com