Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2800

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-2800
Last Modified 07 Mar 2011 09:25:03
Published 06 Sep 2005 01:03:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2800

Summary

Memory leak in the seq_file implemenetation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.11

  • Linux Kernel 2.6.12

  • Linux Kernel 2.6.13

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5

  • Linux Kernel 2.6.6

  • Linux Kernel 2.6.7

  • Linux Kernel 2.6.8

  • Linux Kernel 2.6.9


References

MANDRIVA - MDKSA-2005:220

MANDRAKE - MDKSA-2005:219

CONFIRM - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=729d70f5dfd663b44bca68a4479c96bde7e535d6

BID - 14790

FEDORA - FLSA:157459-3

SUSE - SUSE-SA:2005:068

REDHAT - RHSA-2006:0101

MANDRAKE - MDKSA-2005:218

DEBIAN - DSA-1017

SECUNIA - 19374

SECUNIA - 18510

SECUNIA - 17918

SECUNIA - 17826


Last Updated: 27 May 2016 10:40:38