ID CVE-2004-0491
Summary The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2013-04-29T04:07:37.323-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
    family unix
    id oval:org.mitre.oval:def:10672
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
    version 23
  • accepted 2005-08-18T07:37:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
    family unix
    id oval:org.mitre.oval:def:1117
    status accepted
    submitted 2005-06-29T12:00:00.000-04:00
    title mlock Memory Page Tracking Vulnerability
    version 4
redhat via4
advisories
rhsa
id RHSA-2005:472
refmap via4
bid 13769
confirm https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411
mlist [linux-kernel] 20040402 Re: disable-cap-mlock
secunia 19607
sgi 20060402-01-U
Last major update 11-10-2017 - 01:29
Published 31-12-2004 - 05:00
Back to Top