Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4881

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2005-4881
Last Modified 19 Mar 2012 12:00:00
Published 19 Oct 2009 04:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4881

Summary

The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.26

  • Linux Kernel 2.4.27

  • Linux Kernel 2.4.28

  • Linux Kernel 2.4.29

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.30

  • Linux Kernel 2.4.31

  • Linux Kernel 2.4.32

  • Linux Kernel 2.4.33

  • Linux Kernel 2.4.33.1

  • Linux Kernel 2.4.33.2

  • Linux Kernel 2.4.33.3

  • Linux Kernel 2.4.33.4

  • Linux Kernel 2.4.33.5

  • Linux Kernel 2.4.33.7

  • Linux Kernel 2.4.34

  • Linux Kernel 2.4.34.1

  • Linux Kernel 2.4.34.2

  • Linux Kernel 2.4.34.3

  • Linux Kernel 2.4.34.4

  • Linux Kernel 2.4.34.5

  • Linux Kernel 2.4.34.6

  • Linux Kernel 2.4.35.1

  • Linux Kernel 2.4.35.2

  • Linux Kernel 2.4.35.3

  • Linux Kernel 2.4.35.4

  • Linux Kernel 2.4.35.5

  • Linux Kernel 2.4.36

  • Linux Kernel 2.4.36.1

  • Linux Kernel 2.4.36.2

  • Linux Kernel 2.4.36.3

  • Linux Kernel 2.4.36.4

  • Linux Kernel 2.4.36.5

  • Linux Kernel 2.4.36.6

  • Linux Kernel 2.4.36.7

  • Linux Kernel 2.4.36.8

  • Linux Kernel 2.4.36.9

  • Linux Kernel 2.4.37

  • Linux Kernel 2.4.37.1

  • Linux Kernel 2.4.37.2

  • Linux Kernel 2.4.37.3

  • Linux Kernel 2.4.37.4

  • Linux Kernel 2.4.37.5

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.11

  • Linux Kernel 2.6.11.1

  • Linux Kernel 2.6.11.10

  • Linux Kernel 2.6.11.11

  • Linux Kernel 2.6.11.12

  • Linux Kernel 2.6.11.2

  • Linux Kernel 2.6.11.3

  • Linux Kernel 2.6.11.4

  • Linux Kernel 2.6.11.5

  • Linux Kernel 2.6.11.6

  • Linux Kernel 2.6.11.7

  • Linux Kernel 2.6.11.8

  • Linux Kernel 2.6.11.9

  • Linux Kernel 2.6.12

  • Linux Kernel 2.6.12.1

  • Linux Kernel 2.6.12.2

  • Linux Kernel 2.6.12.3

  • Linux Kernel 2.6.12.4

  • Linux Kernel 2.6.12.5

  • Linux Kernel 2.6.12.6


References

MLIST - [oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak

MLIST - [oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak

MLIST - [oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak

MLIST - [oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak

MLIST - [oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1

MLIST - [bk-commits-head] 20050629 [NETLINK]: Missing initializations in dumped data

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=521601

REDHAT - RHSA-2009:1522

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6

SECUNIA - 37909

SECUNIA - 37084

SUSE - SUSE-SA:2009:064


Last Updated: 27 May 2016 10:59:54