Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1768

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2005-1768
Last Modified 07 Mar 2011 09:22:48
Published 11 Jul 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2005-1768

Summary

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.0

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.23 Ow2

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.24 Ow1

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.26

  • Linux Kernel 2.4.27

  • Linux Kernel 2.4.28

  • Linux Kernel 2.4.29

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.30

  • Linux Kernel 2.4.31

  • Linux Kernel 2.6 Test9 Cvs

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5

  • Linux Kernel 2.6.6


References

VUPEN - ADV-2005-1878

MISC - http://www.suresec.org/advisories/adv4.pdf

BUGTRAQ - 20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64)

BID - 14205

REDHAT - RHSA-2005:663

REDHAT - RHSA-2005:551

SUSE - SUSE-SA:2005:044

DEBIAN - DSA-921

SECTRACK - 1014442

SECUNIA - 19607

SECUNIA - 19185

SECUNIA - 18059

SECUNIA - 17002

SECUNIA - 15980

SGI - 20060402-01-U


Last Updated: 27 May 2016 10:40:17