Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux SE 1.5
Astra Linux SE 1.6
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:12431
[Rus]
Version
7
Class
patch
ALTXid
135297
Language
English
Severity
NotAvailable
Title
DSA-1069-1 -- kernel-source-2.4.18 -- several vulnerabilities
Description
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
Family
unix
Platform
Debian GNU/Linux 3.0
Product
kernel-image-2.4.18-1-alpha
kernel-image-2.4.18-1-i386
kernel-image-2.4.18-hppa
kernel-image-2.4.18-powerpc-xfs
kernel-patch-2.4.18-powerpc
kernel-patch-benh
kernel-source-2.4.18
Reference
VENDOR: DSA-1069-1
VENDOR: DSA-1069-1
Id:
DSA-1069-1
Reference:
https://www.debian.org/security/2006/dsa-1069
CVE: CVE-2004-0427
CVE: CVE-2004-0427
Id:
CVE-2004-0427
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0427
Comment
: The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
20040504-01-U (SGI)
20040505-01-U (SGI)
CLA-2004:846 (CONECTIVA)
FEDORA-2004-111 (FEDORA)
GLSA-200407-02 (GENTOO)
SuSE-SA:2004:010 (SUSE)
RHSA-2004:255 (REDHAT)
RHSA-2004:260 (REDHAT)
RHSA-2004:327 (REDHAT)
TLSA-2004-14 (TURBO)
O-164 (CIAC)
10221 (BID)
11429 (SECUNIA)
11464 (SECUNIA)
11486 (SECUNIA)
11541 (SECUNIA)
11861 (SECUNIA)
11891 (SECUNIA)
11892 (SECUNIA)
DSA-1070 (DEBIAN)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
DSA-1082 (DEBIAN)
20338 (SECUNIA)
MDKSA-2004:037 (MANDRAKE)
[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak (MLIST)
linux-dofork-memory-leak(16002) (XF)
oval:org.mitre.oval:def:2819 (OVAL)
oval:org.mitre.oval:def:10297 (OVAL)
http://linux.bkbits.net:8080/linux-2.6/cset%40407b1217x4jtqEkpFW2g_-RcF0726A ()
http://linux.bkbits.net:8080/linux-2.4/cset%40407bf20eDeeejm8t36_tpvSE-8EFHA ()
CVE: CVE-2005-0489
CVE: CVE-2005-0489
Id:
CVE-2005-0489
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0489
Comment
: The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows local users to cause a denial of service via unknown vectors that cause an invalid access of free memory.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
CWE-Other ()
References:
http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes (CONFIRM)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
18173 (BID)
CVE: CVE-2004-0394
CVE: CVE-2004-0394
Id:
CVE-2004-0394
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0394
Comment
: A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
20040504-01-U (SGI)
20040505-01-U (SGI)
CLA-2004:846 (CONECTIVA)
[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel) (MLIST)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
GLSA-200407-02 (GENTOO)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
ESA-20040428-004 (ENGARDE)
MDKSA-2004:037 (MANDRAKE)
SuSE-SA:2004:010 (SUSE)
10233 (BID)
linux-panic-bo(15953) (XF)
CVE: CVE-2004-0447
CVE: CVE-2004-0447
Id:
CVE-2004-0447
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0447
Comment
: Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local DoS.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
20040804-01-U (SGI)
[owl-users] 20040619 Linux 2.4.26-ow2 (MLIST)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
GLSA-200407-16 (GENTOO)
O-193 (CIAC)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
RHSA-2004:413 (REDHAT)
10783 (BID)
linux-ia64-dos(16661) (XF)
oval:org.mitre.oval:def:10918 (OVAL)
CVE: CVE-2004-0554
CVE: CVE-2004-0554
Id:
CVE-2004-0554
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0554
Comment
: Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
CLA-2004:845 (CONECTIVA)
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905 (MISC)
http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html (MISC)
FEDORA-2004-186 (FEDORA)
20040620 TSSA-2004-011 - kernel (BUGTRAQ)
ESA-20040621-005 (ENGARDE)
[linux-kernel] 20040609 timer + fpu stuff locks my console race (MLIST)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
GLSA-200407-02 (GENTOO)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
VU#973654 (CERT-VN)
MDKSA-2004:062 (MANDRAKE)
SuSE-SA:2004:017 (SUSE)
RHSA-2004:255 (REDHAT)
RHSA-2004:260 (REDHAT)
10538 (BID)
2004-0034 (TRUSTIX)
linux-dos(16412) (XF)
oval:org.mitre.oval:def:2915 (OVAL)
oval:org.mitre.oval:def:9426 (OVAL)
CVE: CVE-2004-0565
CVE: CVE-2004-0565
Id:
CVE-2004-0565
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0565
Comment
: Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
[owl-users] 20040619 Linux 2.4.26-ow2 (MLIST)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
MDKSA-2004:066 (MANDRAKE)
RHSA-2004:504 (REDHAT)
10687 (BID)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734 (MISC)
linux-ia64-info-disclosure(16644) (XF)
oval:org.mitre.oval:def:10714 (OVAL)
CVE: CVE-2004-0685
CVE: CVE-2004-0685
Id:
CVE-2004-0685
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0685
Comment
: Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921 (CONFIRM)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
GLSA-200408-24 (GENTOO)
VU#981134 (CERT-VN)
RHSA-2004:504 (REDHAT)
RHSA-2004:505 (REDHAT)
10892 (BID)
http://www.securityspace.com/smysecure/catid.html?id=14580 (MISC)
2004-0041 (TRUSTIX)
FLSA:2336 (FEDORA)
linux-usb-gain-privileges(16931) (XF)
oval:org.mitre.oval:def:10665 (OVAL)
CVE: CVE-2005-0001
CVE: CVE-2005-0001
Id:
CVE-2005-0001
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0001
Comment
: Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
CLA-2005:930 (CONECTIVA)
http://isec.pl/vulnerabilities/isec-0022-pagefault.txt (MISC)
20050112 Linux kernel i386 SMP page fault handler privilege escalation (FULLDISC)
20050112 Linux kernel i386 SMP page fault handler privilege escalation (BUGTRAQ)
20050114 [USN-60-0] Linux kernel vulnerabilities (BUGTRAQ)
13822 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
1012862 (SECTRACK)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
MDKSA-2005:022 (MANDRAKE)
RHSA-2005:016 (REDHAT)
RHSA-2005:017 (REDHAT)
RHSA-2005:043 (REDHAT)
RHSA-2005:092 (REDHAT)
12244 (BID)
2005-0001 (TRUSTIX)
FLSA:2336 (FEDORA)
linux-fault-handler-gain-privileges(18849) (XF)
oval:org.mitre.oval:def:10322 (OVAL)
CVE: CVE-2004-0883
CVE: CVE-2004-0883
Id:
CVE-2004-0883
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0883
Comment
: Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE:
CWE-Other ()
References:
20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities (BUGTRAQ)
20041118 [USN-30-1] Linux kernel vulnerabilities (BUGTRAQ)
13232 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
http://security.e-matters.de/advisories/142004.html (MISC)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
VU#726198 (CERT-VN)
MDKSA-2005:022 (MANDRAKE)
RHSA-2004:504 (REDHAT)
RHSA-2004:505 (REDHAT)
RHSA-2004:537 (REDHAT)
11695 (BID)
FLSA:2336 (FEDORA)
linux-smb-response-dos(18134) (XF)
linux-smbprocreadxdata-dos(18135) (XF)
linux-smbreceivetrans2-dos(18136) (XF)
oval:org.mitre.oval:def:10330 (OVAL)
CVE: CVE-2004-0949
CVE: CVE-2004-0949
Id:
CVE-2004-0949
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0949
Comment
: The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE:
CWE-Other ()
References:
20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities (BUGTRAQ)
13232 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
http://security.e-matters.de/advisories/142004.html (MISC)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
MDKSA-2005:022 (MANDRAKE)
RHSA-2004:504 (REDHAT)
RHSA-2004:505 (REDHAT)
RHSA-2004:537 (REDHAT)
11695 (BID)
2004-0061 (TRUSTIX)
FLSA:2336 (FEDORA)
linux-smbrecvtrans2-memory-leak(18137) (XF)
oval:org.mitre.oval:def:10360 (OVAL)
USN-30-1 (UBUNTU)
CVE: CVE-2004-1016
CVE: CVE-2004-1016
Id:
CVE-2004-1016
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1016
Comment
: The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
http://isec.pl/vulnerabilities/isec-0019-scm.txt (MISC)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
MDKSA-2005:022 (MANDRAKE)
SUSE-SA:2004:044 (SUSE)
RHSA-2004:689 (REDHAT)
RHSA-2005:016 (REDHAT)
RHSA-2005:017 (REDHAT)
11921 (BID)
FLSA:2336 (FEDORA)
linux-scmsend-dos(18483) (XF)
oval:org.mitre.oval:def:11816 (OVAL)
USN-38-1 (UBUNTU)
CVE: CVE-2004-1333
CVE: CVE-2004-1333
Id:
CVE-2004-1333
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1333
Comment
: Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
20041215 fun with linux kernel (FULLDISC)
http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html (MISC)
SUSE-SA:2005:018 (SUSE)
11956 (BID)
FLSA:152532 (FEDORA)
17826 (SECUNIA)
DSA-1070 (DEBIAN)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
DSA-1082 (DEBIAN)
20338 (SECUNIA)
MDKSA-2005:218 (MANDRAKE)
MDKSA-2005:219 (MANDRAKE)
linux-vcresize-dos(18523) (XF)
USN-47-1 (UBUNTU)
CVE: CVE-2004-0997
CVE: CVE-2004-0997
Id:
CVE-2004-0997
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0997
Comment
: Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes (CONFIRM)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2004-0997?op=file&rev=0&sc=0 (MISC)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
18176 (BID)
CVE: CVE-2004-1335
CVE: CVE-2004-1335
Id:
CVE-2004-1335
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1335
Comment
: Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
20041215 fun with linux kernel (FULLDISC)
http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html (MISC)
11956 (BID)
RHSA-2005:016 (REDHAT)
DSA-1070 (DEBIAN)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
RHSA-2005:017 (REDHAT)
20163 (SECUNIA)
20202 (SECUNIA)
DSA-1082 (DEBIAN)
20338 (SECUNIA)
20041215 [USN-47-1] Linux kernel vulnerabilities (BUGTRAQ)
linux-ipoptionsget-memory-leak(18524) (XF)
oval:org.mitre.oval:def:11085 (OVAL)
CVE: CVE-2004-1017
CVE: CVE-2004-1017
Id:
CVE-2004-1017
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1017
Comment
: Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
19374 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1017 (DEBIAN)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
RHSA-2004:689 (REDHAT)
RHSA-2005:016 (REDHAT)
RHSA-2005:017 (REDHAT)
12102 (BID)
FLSA:2336 (FEDORA)
linux-ioedgeport-bo(18433) (XF)
oval:org.mitre.oval:def:9786 (OVAL)
CVE: CVE-2005-0124
CVE: CVE-2005-0124
Id:
CVE-2005-0124
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0124
Comment
: The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel (MLIST)
[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel (MLIST)
[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel (MLIST)
[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel (MLIST)
17002 (SECUNIA)
18684 (SECUNIA)
19374 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
1013018 (SECTRACK)
DSA-1017 (DEBIAN)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
RHSA-2005:663 (REDHAT)
RHSA-2006:0191 (REDHAT)
FLSA:157459-1 (FEDORA)
14967 (BID)
ADV-2005-1878 (VUPEN)
oval:org.mitre.oval:def:11690 (OVAL)
CVE: CVE-2003-0984
CVE: CVE-2003-0984
Id:
CVE-2003-0984
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0984
Comment
: Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
CLA-2004:799 (CONECTIVA)
20040112 SmoothWall Project Security Advisory SWP-2004:001 (BUGTRAQ)
10533 (SECUNIA)
10536 (SECUNIA)
10537 (SECUNIA)
10538 (SECUNIA)
10555 (SECUNIA)
10582 (SECUNIA)
10583 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
ESA-20040105-001 (ENGARDE)
MDKSA-2004:001 (MANDRAKE)
SuSE-SA:2003:049 (SUSE)
3317 (OSVDB)
FEDORA-2003-046 (FEDORA)
RHSA-2003:417 (REDHAT)
RHSA-2004:188 (REDHAT)
9154 (BID)
1008594 (SECTRACK)
linux-rtc-memory-leak(13943) (XF)
oval:org.mitre.oval:def:1013 (OVAL)
oval:org.mitre.oval:def:859 (OVAL)
oval:org.mitre.oval:def:9406 (OVAL)
CVE: CVE-2004-1070
CVE: CVE-2004-1070
Id:
CVE-2004-1070
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1070
Comment
: The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
20060402-01-U (SGI)
19607 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt (MISC)
MDKSA-2005:022 (MANDRAKE)
RHSA-2004:504 (REDHAT)
RHSA-2004:505 (REDHAT)
RHSA-2004:549 (REDHAT)
11646 (BID)
FLSA:2336 (FEDORA)
linux-elf-setuid-gain-privileges(18025) (XF)
oval:org.mitre.oval:def:9450 (OVAL)
CVE: CVE-2004-1071
CVE: CVE-2004-1071
Id:
CVE-2004-1071
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1071
Comment
: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
20060402-01-U (SGI)
19607 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt (MISC)
MDKSA-2005:022 (MANDRAKE)
RHSA-2004:504 (REDHAT)
RHSA-2004:505 (REDHAT)
RHSA-2004:537 (REDHAT)
11646 (BID)
FLSA:2336 (FEDORA)
linux-elf-setuid-gain-privileges(18025) (XF)
oval:org.mitre.oval:def:9917 (OVAL)
CVE: CVE-2004-1072
CVE: CVE-2004-1072
Id:
CVE-2004-1072
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1072
Comment
: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
20060402-01-U (SGI)
19607 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt (MISC)
MDKSA-2005:022 (MANDRAKE)
RHSA-2004:504 (REDHAT)
RHSA-2004:505 (REDHAT)
RHSA-2004:537 (REDHAT)
RHSA-2005:275 (REDHAT)
11646 (BID)
FLSA:2336 (FEDORA)
linux-elf-setuid-gain-privileges(18025) (XF)
oval:org.mitre.oval:def:11195 (OVAL)
CVE: CVE-2004-1073
CVE: CVE-2004-1073
Id:
CVE-2004-1073
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073
Comment
: The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
18684 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt (MISC)
MDKSA-2005:022 (MANDRAKE)
RHSA-2004:504 (REDHAT)
RHSA-2004:505 (REDHAT)
RHSA-2004:549 (REDHAT)
RHSA-2005:293 (REDHAT)
RHSA-2006:0190 (REDHAT)
RHSA-2006:0191 (REDHAT)
11646 (BID)
FLSA:2336 (FEDORA)
linux-elf-setuid-gain-privileges(18025) (XF)
oval:org.mitre.oval:def:11503 (OVAL)
CVE: CVE-2004-1074
CVE: CVE-2004-1074
Id:
CVE-2004-1074
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1074
Comment
: The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
CLA-2005:930 (CONECTIVA)
20041216 [USN-39-1] Linux amd64 kernel vulnerability (BUGTRAQ)
[linux-kernel] 20041111 a.out issue (MLIST)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
MDKSA-2005:022 (MANDRAKE)
11754 (BID)
2005-0001 (TRUSTIX)
FLSA:2336 (FEDORA)
linux-aout-binary-dos(18290) (XF)
oval:org.mitre.oval:def:9751 (OVAL)
CVE: CVE-2004-0138
CVE: CVE-2004-0138
Id:
CVE-2004-0138
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0138
Comment
: The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
CWE-Other ()
References:
DSA-1070 (DEBIAN)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes (CONFIRM)
DSA-1082 (DEBIAN)
18174 (BID)
20338 (SECUNIA)
RHSA-2004:549 (REDHAT)
RHSA-2004:504 (REDHAT)
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25 (CONFIRM)
linux-kernel-elfloader-dos(43124) (XF)
oval:org.mitre.oval:def:10123 (OVAL)
http://linux.bkbits.net:8080/linux-2.4/cset%404021346f79nBb-4X_usRikR3Iyb4Vg ()
CVE: CVE-2004-1068
CVE: CVE-2004-1068
Id:
CVE-2004-1068
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1068
Comment
: A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
20060402-01-U (SGI)
20041214 [USN-38-1] Linux kernel vulnerabilities (BUGTRAQ)
19607 (SECUNIA)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
MDKSA-2005:022 (MANDRAKE)
SUSE-SA:2004:044 (SUSE)
RHSA-2004:504 (REDHAT)
RHSA-2004:505 (REDHAT)
RHSA-2004:537 (REDHAT)
20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities (BUGTRAQ)
11715 (BID)
FLSA:2336 (FEDORA)
linux-afunix-race-condition(18230) (XF)
oval:org.mitre.oval:def:11384 (OVAL)
CVE: CVE-2004-1234
CVE: CVE-2004-1234
Id:
CVE-2004-1234
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1234
Comment
: load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
FLSA:2336 (FEDORA)
RHSA-2004:689 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142965 (CONFIRM)
12101 (BID)
RHSA-2005:016 (REDHAT)
DSA-1070 (DEBIAN)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
RHSA-2005:017 (REDHAT)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
DSA-1082 (DEBIAN)
20338 (SECUNIA)
linux-loadelfbinary-dos(18687) (XF)
oval:org.mitre.oval:def:10608 (OVAL)
http://linux.bkbits.net:8080/linux-2.4/cset%404076466d_SqUm4azg4_v3FIG2-X6XQ ()
CVE: CVE-2005-0003
CVE: CVE-2005-0003
Id:
CVE-2005-0003
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0003
Comment
: The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
RHSA-2005:043 (REDHAT)
12261 (BID)
SUSE-SA:2005:018 (SUSE)
2005-0001 (TRUSTIX)
1012885 (SECTRACK)
RHSA-2005:017 (REDHAT)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
MDKSA-2005:022 (MANDRAKE)
DSA-1067 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
DSA-1069 (DEBIAN)
linux-vma-gain-privileges(18886) (XF)
oval:org.mitre.oval:def:9512 (OVAL)
http://linux.bkbits.net:8080/linux-2.4/cset%4041c36fb6q1Z68WUzKQFjJR-40Ev3tw ()
http://linux.bkbits.net:8080/linux-2.6/cset%4041a6721cce-LoPqkzKXudYby_3TUmg ()
CVE: CVE-2004-1235
CVE: CVE-2004-1235
Id:
CVE-2004-1235
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1235
Comment
: Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
CLA-2005:930 (CONECTIVA)
http://isec.pl/vulnerabilities/isec-0021-uselib.txt (MISC)
20050107 Linux kernel sys_uselib local root vulnerability (BUGTRAQ)
20162 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
MDKSA-2005:022 (MANDRAKE)
SUSE-SR:2005:001 (SUSE)
RHSA-2005:016 (REDHAT)
RHSA-2005:017 (REDHAT)
RHSA-2005:043 (REDHAT)
RHSA-2005:092 (REDHAT)
http://www.securityfocus.com/advisories/7804 (CONFIRM)
FEDORA-2005-014 (FEDORA)
FEDORA-2005-013 (FEDORA)
12190 (BID)
2005-0001 (TRUSTIX)
FLSA:2336 (FEDORA)
linux-uselib-gain-privileges(18800) (XF)
oval:org.mitre.oval:def:9567 (OVAL)
CVE: CVE-2005-0504
CVE: CVE-2005-0504
Id:
CVE-2005-0504
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
Comment
: Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 (CONFIRM)
20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories (FULLDISC)
17002 (SECUNIA)
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
26651 (SECUNIA)
30112 (SECUNIA)
1013273 (SECTRACK)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
RHSA-2005:529 (REDHAT)
RHSA-2005:551 (REDHAT)
RHSA-2005:663 (REDHAT)
RHSA-2008:0237 (REDHAT)
12195 (BID)
USN-508-1 (UBUNTU)
ADV-2005-1878 (VUPEN)
oval:org.mitre.oval:def:9770 (OVAL)
CVE: CVE-2005-0384
CVE: CVE-2005-0384
Id:
CVE-2005-0384
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0384
Comment
: Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
20163 (SECUNIA)
20202 (SECUNIA)
20338 (SECUNIA)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
DSA-1070 (DEBIAN)
DSA-1082 (DEBIAN)
SUSE-SA:2005:018 (SUSE)
RHSA-2005:283 (REDHAT)
RHSA-2005:284 (REDHAT)
RHSA-2005:293 (REDHAT)
RHSA-2005:366 (REDHAT)
12810 (BID)
2005-0009 (TRUSTIX)
FLSA:152532 (FEDORA)
oval:org.mitre.oval:def:9562 (OVAL)
USN-95-1 (UBUNTU)
CVE: CVE-2005-0135
CVE: CVE-2005-0135
Id:
CVE-2005-0135
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0135
Comment
: The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
RHSA-2005:366 (REDHAT)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868 (CONFIRM)
15019 (SECUNIA)
RHSA-2005:284 (REDHAT)
RHSA-2005:293 (REDHAT)
DSA-1070 (DEBIAN)
DSA-1067 (DEBIAN)
DSA-1069 (DEBIAN)
13266 (BID)
20163 (SECUNIA)
20202 (SECUNIA)
DSA-1082 (DEBIAN)
20338 (SECUNIA)
oval:org.mitre.oval:def:9040 (OVAL)
http://linux.bkbits.net:8080/linux-2.6/cset%4041f2beablXVnAs_6fznhhITh1j5hZg ()
Content available only for registered users!
ovaldb@altx-soft.com