ID CVE-2005-0400
Summary The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
References
Vulnerable Configurations
  • Linux Kernel 2.6.11.6
    cpe:2.3:o:linux:linux_kernel:2.6.11.6
CVSS
Base: 2.1 (as of 07-06-2005 - 11:42)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-103-1.NASL
    description Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents (which could contain sensitive data like passwords) became visible on the raw device. This is particularly important if the target device is removable and thus can be read by users other than root. (CAN-2005-0400) Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. A specially crafted ELF library or executable could cause an attempt to free an invalid pointer, which lead to a kernel crash. (CAN-2005-0749) Ilja van Sprundel discovered that the bluez_sock_create() function did not check its 'protocol' argument for negative values. A local attacker could exploit this to execute arbitrary code with root privileges by creating a Bluetooth socket with a specially crafted protocol number. (CAN-2005-0750) Michal Zalewski discovered that the iso9660 file system driver fails to check ranges properly in several cases. Mounting a specially crafted CD-ROM may have caused a buffer overflow leading to a kernel crash or even arbitrary code execution. (CAN-2005-0815) Previous kernels did not restrict the use of the N_MOUSE line discipline in the serial driver. This allowed an unprivileged user to inject mouse movement and/or keystrokes (using the sunkbd driver) into the input subsystem, taking over the console or an X session, where another user is logged in. (CAN-2005-0839) A Denial of Service vulnerability was found in the tmpfs driver, which is commonly used to mount RAM disks below /dev/shm and /tmp. The shm_nopage() did not properly verify its address argument, which could be exploited by a local user to cause a kernel crash with invalid addresses. (http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKV fPSsg). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-27
    plugin id 20489
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20489
    title Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-103-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-111.NASL
    description Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following have been fixed in the 2.4 kernels : Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology could allow a local user to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys via a timing attack on memory cache misses. This has been corrected by disabling HT support in all kernels (CVE-2005-0109). When forwarding fragmented packets, a hardware assisted checksum could only be used once which could lead to a Denial of Service attack or crash by remote users (CVE-2005-0209). A flaw in the Linux PPP driver was found where on systems allowing remote users to connect to a server via PPP, a remote client could cause a crash, resulting in a Denial of Service (CVE-2005-0384). An information leak in the ext2 filesystem code was found where when a new directory is created, the ext2 block written to disk is not initialized (CVE-2005-0400). A signedness error in the copy_from_read_buf function in n_tty.c allows local users to read kernel memory via a negative argument (CVE-2005-0530). George Guninski discovered a buffer overflow in the ATM driver where the atm_get_addr() function does not validate its arguments sufficiently which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument. This could potentially lead to the execution of arbitrary code (CVE-2005-0531). A flaw when freeing a pointer in load_elf_library was found that could be abused by a local user to potentially crash the machine causing a Denial of Service (CVE-2005-0749). A problem with the Bluetooth kernel stack in kernels 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 could be used by a local attacker to gain root access or crash the machine (CVE-2005-0750). A race condition in the Radeon DRI driver allows a local user with DRI privileges to execute arbitrary code as root (CVE-2005-0767). Paul Starzetz found an integer overflow in the ELF binary format loader's code dump function in kernels prior to and including 2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially crafted ELF executable, a local attacker could exploit this to execute arbitrary code with root and kernel privileges (CVE-2005-1263).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18599
    published 2005-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18599
    title Mandrake Linux Security Advisory : kernel-2.4 (MDKSA-2005:111)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-110.NASL
    description Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel : Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology could allow a local user to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys via a timing attack on memory cache misses. This has been corrected by disabling HT support in all kernels (CVE-2005-0109). An information leak in the ext2 filesystem code in kernels prior to 2.6.11.6 was found where when a new directory is created, the ext2 block written to disk is not initialized (CVE-2005-0400). A flaw when freeing a pointer in load_elf_library was found in kernels prior to 2.6.11.6 that could be abused by a local user to potentially crash the machine causing a Denial of Service (CVE-2005-0749). A problem with the Bluetooth kernel stack in kernels 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 could be used by a local attacker to gain root access or crash the machine (CVE-2005-0750). Paul Starzetz found an integer overflow in the ELF binary format loader's code dump function in kernels prior to and including 2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially crafted ELF executable, a local attacker could exploit this to execute arbitrary code with root and kernel privileges (CVE-2005-1263). The drivers for raw devices used the wrong function to pass arguments to the underlying block device in 2.6.x kernels. This made the kernel address space accessible to user-space applications allowing any local user with at least read access to a device in /dev/raw/* (usually only root) to execute arbitrary code with kernel privileges (CVE-2005-1264). The it87 and via686a hardware monitor drivers in kernels prior to 2.6.11.8 and 2.6.12 prior to 2.6.12-rc2 created a sysfs file named 'alarms' with write permissions although they are not designed to be writable. This allowed a local user to crash the kernel by attempting to write to these files (CVE-2005-1369). In addition to the above-noted CVE-2005-0109, CVE-2005-0400, CVE-2005-0749, CVE-2005-0750, and CVE-2005-1369 fixes, the following CVE names have been fixed in the 10.1 kernel : The POSIX Capability Linux Security Module (LSM) for 2.6 kernels up to and including 2.6.8.1 did not properly handle the credentials of a process that is launched before the module is loaded, which could be used by local attackers to gain elevated privileges (CVE-2004-1337). A flaw in the Linux PPP driver in kernel 2.6.8.1 was found where on systems allowing remote users to connect to a server via PPP, a remote client could cause a crash, resulting in a Denial of Service (CVE-2005-0384). George Guninski discovered a buffer overflow in the ATM driver in kernels 2.6.10 and 2.6.11 before 2.6.11-rc4 where the atm_get_addr() function does not validate its arguments sufficiently which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument. This could potentially lead to the execution of arbitrary code (CVE-2005-0531). The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c before kernel 2.6.11, when running on 64-bit architectures, could allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types. This could allow an attacker to overwrite kernel memory, crash the machine, or potentially obtain root access (CVE-2005-0532). A race condition in the Radeon DRI driver in kernel 2.6.8.1 allows a local user with DRI privileges to execute arbitrary code as root (CVE-2005-0767). Access was not restricted to the N_MOUSE discipline for a TTY in kernels prior to 2.6.11. This could allow local attackers to obtain elevated privileges by injecting mouse or keyboard events into other user's sessions (CVE-2005-0839). Some futex functions in futex.c in 2.6 kernels performed get_user calls while holding the mmap_sem semaphore, which could allow a local attacker to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions (CVE-2005-0937). In addition to the above-noted CVE-2004-1337, CVE-2005-0109, CVE-2005-0384, CVE-2005-0400, CVE-2005-0531, CVE-2005-0532, CVE-2005-0749, CVE-2005-0750, CVE-2005-0767, CVE-2005-0839, CVE-2005-0937, CVE-2005-1263, CVE-2005-1264, and CVE-2005-1369 fixes, the following CVE names have been fixed in the 10.0/ Corporate 3.0 kernels : A race condition in the setsid function in kernels before 2.6.8.1 could allow a local attacker to cause a Denial of Service and possibly access portions of kernel memory related to TTY changes, locking, and semaphores (CVE-2005-0178). When forwarding fragmented packets in kernel 2.6.8.1, a hardware assisted checksum could only be used once which could lead to a Denial of Service attack or crash by remote users (CVE-2005-0209). A signedness error in the copy_from_read_buf function in n_tty.c before kernel 2.6.11 allows local users to read kernel memory via a negative argument (CVE-2005-0530). A vulnerability in the fib_seq_start() function allowed a local user to crash the system by readiung /proc/net/route in a certain way, causing a Denial of Service (CVE-2005-1041). A vulnerability in the Direct Rendering Manager (DRM) driver in the 2.6 kernel does not properly check the DMA lock, which could allow remote attackers or local users to cause a Denial of Service (X Server crash) and possibly modify the video output (CVE-2004-1056).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18598
    published 2005-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18598
    title Mandrake Linux Security Advisory : kernel (MDKSA-2005:110)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-366.NASL
    description Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 9 August 2005] The advisory text has been updated to show that this update fixed the security issue named CVE-2005-0210 but not CVE-2005-0209. The issue CVE-2005-0209 was actually fixed by RHSA-2005:420. No changes have been made to the packages associated with this advisory. The Linux kernel handles the basic functions of the operating system. A flaw in the fib_seq_start function was discovered. A local user could use this flaw to cause a denial of service (system crash) via /proc/net/route. (CVE-2005-1041) A flaw in the tmpfs file system was discovered. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0977) An integer overflow flaw was found when writing to a sysfs file. A local user could use this flaw to overwrite kernel memory, causing a denial of service (system crash) or arbitrary code execution. (CVE-2005-0867) Keith Owens reported a flaw in the Itanium unw_unwind_to_user function. A local user could use this flaw to cause a denial of service (system crash) on Itanium architectures. (CVE-2005-0135) A flaw in the NFS client O_DIRECT error case handling was discovered. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0207) A small memory leak when defragmenting local packets was discovered that affected the Linux 2.6 kernel netfilter subsystem. A local user could send a large number of carefully crafted fragments leading to memory exhaustion (CVE-2005-0210) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384) A flaw was discovered in the ext2 file system code. When a new directory is created, the ext2 block written to disk is not initialized, which could lead to an information leak if a disk image is made available to unprivileged users. (CVE-2005-0400) A flaw in fragment queuing was discovered that affected the Linux kernel netfilter subsystem. On systems configured to filter or process network packets (e.g. firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know or guess some aspects of the firewall ruleset on the target system. (CVE-2005-0449) A number of flaws were found in the Linux 2.6 kernel. A local user could use these flaws to read kernel memory or cause a denial of service (crash). (CVE-2005-0529, CVE-2005-0530, CVE-2005-0531) An integer overflow in sys_epoll_wait in eventpoll.c was discovered. A local user could use this flaw to overwrite low kernel memory. This memory is usually unused, not usually resulting in a security consequence. (CVE-2005-0736) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CVE-2005-0749) A flaw was discovered in the bluetooth driver system. On systems where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750) A race condition was discovered that affected the Radeon DRI driver. A local user who has DRI privileges on a Radeon graphics card may be able to use this flaw to gain root privileges. (CVE-2005-0767) Multiple range checking flaws were discovered in the iso9660 file system handler. An attacker could create a malicious file system image which would cause a denial or service or potentially execute arbitrary code if mounted. (CVE-2005-0815) A flaw was discovered when setting line discipline on a serial tty. A local user may be able to use this flaw to inject mouse movements or keystrokes when another user is logged in. (CVE-2005-0839) Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Please note that
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18095
    published 2005-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18095
    title RHEL 4 : kernel (RHSA-2005:366)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-366.NASL
    description Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 9 August 2005] The advisory text has been updated to show that this update fixed the security issue named CVE-2005-0210 but not CVE-2005-0209. The issue CVE-2005-0209 was actually fixed by RHSA-2005:420. No changes have been made to the packages associated with this advisory. The Linux kernel handles the basic functions of the operating system. A flaw in the fib_seq_start function was discovered. A local user could use this flaw to cause a denial of service (system crash) via /proc/net/route. (CVE-2005-1041) A flaw in the tmpfs file system was discovered. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0977) An integer overflow flaw was found when writing to a sysfs file. A local user could use this flaw to overwrite kernel memory, causing a denial of service (system crash) or arbitrary code execution. (CVE-2005-0867) Keith Owens reported a flaw in the Itanium unw_unwind_to_user function. A local user could use this flaw to cause a denial of service (system crash) on Itanium architectures. (CVE-2005-0135) A flaw in the NFS client O_DIRECT error case handling was discovered. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0207) A small memory leak when defragmenting local packets was discovered that affected the Linux 2.6 kernel netfilter subsystem. A local user could send a large number of carefully crafted fragments leading to memory exhaustion (CVE-2005-0210) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384) A flaw was discovered in the ext2 file system code. When a new directory is created, the ext2 block written to disk is not initialized, which could lead to an information leak if a disk image is made available to unprivileged users. (CVE-2005-0400) A flaw in fragment queuing was discovered that affected the Linux kernel netfilter subsystem. On systems configured to filter or process network packets (e.g. firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know or guess some aspects of the firewall ruleset on the target system. (CVE-2005-0449) A number of flaws were found in the Linux 2.6 kernel. A local user could use these flaws to read kernel memory or cause a denial of service (crash). (CVE-2005-0529, CVE-2005-0530, CVE-2005-0531) An integer overflow in sys_epoll_wait in eventpoll.c was discovered. A local user could use this flaw to overwrite low kernel memory. This memory is usually unused, not usually resulting in a security consequence. (CVE-2005-0736) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CVE-2005-0749) A flaw was discovered in the bluetooth driver system. On systems where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750) A race condition was discovered that affected the Radeon DRI driver. A local user who has DRI privileges on a Radeon graphics card may be able to use this flaw to gain root privileges. (CVE-2005-0767) Multiple range checking flaws were discovered in the iso9660 file system handler. An attacker could create a malicious file system image which would cause a denial or service or potentially execute arbitrary code if mounted. (CVE-2005-0815) A flaw was discovered when setting line discipline on a serial tty. A local user may be able to use this flaw to inject mouse movements or keystrokes when another user is logged in. (CVE-2005-0839) Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Please note that
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21928
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21928
    title CentOS 3 / 4 : kernel (CESA-2005:366)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0191.NASL
    description Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures) This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a race condition that allowed local users to read the environment variables of another process (CVE-2004-1058, low) - a flaw in the open_exec function of execve that allowed a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073, moderate). Red Hat originally reported this flaw as being fixed by RHSA-2004:504, but a patch for this issue was missing from that update. - a flaw in the coda module that allowed a local user to cause a denial of service (crash) or possibly gain privileges (CVE-2005-0124, moderate) - a potential leak of kernel data from ext2 file system handling (CVE-2005-0400, low) - flaws in ISO-9660 file system handling that allowed the mounting of an invalid image on a CD-ROM to cause a denial of service (crash) or potentially execute arbitrary code (CVE-2005-0815, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) The following bugs were also addressed : - Handle set_brk() errors in binfmt_elf/aout - Correct error handling in shmem_ioctl - Correct scsi error return - Fix netdump time keeping bug - Fix netdump link-down freeze - Fix FAT fs deadlock All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 20855
    published 2006-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20855
    title RHEL 2.1 : kernel (RHSA-2006:0191)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-663.NASL
    description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the sixth regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include : - diskdump support on HP Smart Array devices - netconsole/netdump support over bonded interfaces - new chipset and device support via PCI table updates - support for new 'oom-kill' and 'kscand_work_percent' sysctls - support for dual core processors and ACPI Power Management timers on AMD64 and Intel EM64T systems There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3. There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include kswapd, inode handling, the SATA subsystem, diskdump handling, ptrace() syscall support, and signal handling. The following device drivers have been upgraded to new versions : 3w-9xxx ---- 2.24.03.008RH cciss ------ 2.4.58.RH1 e100 ------- 3.4.8-k2 e1000 ------ 6.0.54-k2 emulex ----- 7.3.2 fusion ----- 2.06.16i.01 iscsi ------ 3.6.2.1 ipmi ------- 35.4 lpfcdfc ---- 1.2.1 qlogic ----- 7.05.00-RH1 tg3 -------- 3.27RH The following security bugs were fixed in this update : - a flaw in syscall argument checking on Itanium systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0136) - a flaw in stack expansion that allowed a local user of mlockall() to cause a denial of service (memory exhaustion) (CVE-2005-0179) - a small memory leak in network packet defragmenting that allowed a remote user to cause a denial of service (memory exhaustion) on systems using netfilter (CVE-2005-0210) - flaws in ptrace() syscall handling on AMD64 and Intel EM64T systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0756, CVE-2005-1762, CVE-2005-2553) - flaws in ISO-9660 file system handling that allowed the mounting of an invalid image on a CD-ROM to cause a denial of service (crash) or potentially execute arbitrary code (CVE-2005-0815) - a flaw in ptrace() syscall handling on Itanium systems that allowed a local user to cause a denial of service (crash) (CVE-2005-1761) - a flaw in the alternate stack switching on AMD64 and Intel EM64T systems that allowed a local user to cause a denial of service (crash) (CVE-2005-1767) - race conditions in the ia32-compat support for exec() syscalls on AMD64, Intel EM64T, and Itanium systems that could allow a local user to cause a denial of service (crash) (CVE-2005-1768) - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2456, CVE-2005-2555) - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490) - flaws in unsupported modules that allowed denial-of-service attacks (crashes) or local privilege escalations on systems using the drm, coda, or moxa modules (CVE-2004-1056, CVE-2005-0124, CVE-2005-0504) - potential leaks of kernel data from jfs and ext2 file system handling (CVE-2004-0181, CVE-2005-0400) Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21849
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21849
    title CentOS 3 : kernel (CESA-2005:663)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-663.NASL
    description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the sixth regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include : - diskdump support on HP Smart Array devices - netconsole/netdump support over bonded interfaces - new chipset and device support via PCI table updates - support for new 'oom-kill' and 'kscand_work_percent' sysctls - support for dual core processors and ACPI Power Management timers on AMD64 and Intel EM64T systems There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3. There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include kswapd, inode handling, the SATA subsystem, diskdump handling, ptrace() syscall support, and signal handling. The following device drivers have been upgraded to new versions : 3w-9xxx ---- 2.24.03.008RH cciss ------ 2.4.58.RH1 e100 ------- 3.4.8-k2 e1000 ------ 6.0.54-k2 emulex ----- 7.3.2 fusion ----- 2.06.16i.01 iscsi ------ 3.6.2.1 ipmi ------- 35.4 lpfcdfc ---- 1.2.1 qlogic ----- 7.05.00-RH1 tg3 -------- 3.27RH The following security bugs were fixed in this update : - a flaw in syscall argument checking on Itanium systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0136) - a flaw in stack expansion that allowed a local user of mlockall() to cause a denial of service (memory exhaustion) (CVE-2005-0179) - a small memory leak in network packet defragmenting that allowed a remote user to cause a denial of service (memory exhaustion) on systems using netfilter (CVE-2005-0210) - flaws in ptrace() syscall handling on AMD64 and Intel EM64T systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0756, CVE-2005-1762, CVE-2005-2553) - flaws in ISO-9660 file system handling that allowed the mounting of an invalid image on a CD-ROM to cause a denial of service (crash) or potentially execute arbitrary code (CVE-2005-0815) - a flaw in ptrace() syscall handling on Itanium systems that allowed a local user to cause a denial of service (crash) (CVE-2005-1761) - a flaw in the alternate stack switching on AMD64 and Intel EM64T systems that allowed a local user to cause a denial of service (crash) (CVE-2005-1767) - race conditions in the ia32-compat support for exec() syscalls on AMD64, Intel EM64T, and Itanium systems that could allow a local user to cause a denial of service (crash) (CVE-2005-1768) - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2456, CVE-2005-2555) - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490) - flaws in unsupported modules that allowed denial-of-service attacks (crashes) or local privilege escalations on systems using the drm, coda, or moxa modules (CVE-2004-1056, CVE-2005-0124, CVE-2005-0504) - potential leaks of kernel data from jfs and ext2 file system handling (CVE-2004-0181, CVE-2005-0400) Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19832
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19832
    title RHEL 3 : kernel (RHSA-2005:663)
oval via4
accepted 2013-04-29T04:04:46.834-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
family unix
id oval:org.mitre.oval:def:10336
status accepted
submitted 2010-07-09T03:56:16-04:00
title The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:366
  • rhsa
    id RHSA-2005:663
  • rhsa
    id RHSA-2006:0190
  • rhsa
    id RHSA-2006:0191
refmap via4
bid 12932
bugtraq 20050401 Information leak in the Linux kernel ext2 implementation
confirm http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
fedora FLSA:152532
misc http://arkoon.net/advisories/ext2-make-empty-leak.txt
secunia
  • 14713
  • 17002
  • 18684
ubuntu USN-103-1
vupen ADV-2005-1878
xf kernel-ext2-information-disclosure(19866)
Last major update 17-10-2016 - 23:11
Published 02-05-2005 - 00:00
Last modified 03-10-2018 - 17:29
Back to Top