Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2005-2456
Last Modified 07 Mar 2011 09:24:31
Published 04 Aug 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2456

Summary

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.0


References

MISC - http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html

CONFIRM - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84

CONFIRM - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c

VUPEN - ADV-2005-1878

MANDRAKE - MDKSA-2005:220

MANDRAKE - MDKSA-2005:219

XF - linux-kernel-xfrm-dos(21710)

UBUNTU - USN-169-1

BID - 14477

FEDORA - FLSA:157459-3

REDHAT - RHSA-2005:663

REDHAT - RHSA-2005:514

SUSE - SUSE-SA:2005:050

DEBIAN - DSA-922

DEBIAN - DSA-921

SECUNIA - 18059

SECUNIA - 18056

SECUNIA - 17826

SECUNIA - 17073

SECUNIA - 17002

SECUNIA - 16500

SECUNIA - 16298


Last Updated: 27 May 2016 10:40:31