CERTA-2003-AVI-204

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité est présente dans la fonction do_brk() du noyau Linux (contrôle incorrect de l'adresse haute de la zone mémoire dynamique (TAS) du processus).

Un utilisateur mal intentionné peut exploiter cette vulnérabilité afin d'obtenir les privilèges du super-utilisateur root ou réaliser un déni de service par arrêt brutal du système.

Solution

La version 2.4.23 du noyau Linux corrige cette vulnérabilité.

Linux 2.4.22 et versions antérieures.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLinux 2.4.22 et versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans la fonction do_brk() du noyau Linux\n(contr\u00f4le incorrect de l\u0027adresse haute de la zone m\u00e9moire dynamique\n(TAS) du processus).\n\n  \nUn utilisateur mal intentionn\u00e9 peut exploiter cette vuln\u00e9rabilit\u00e9 afin\nd\u0027obtenir les privil\u00e8ges du super-utilisateur root ou r\u00e9aliser un d\u00e9ni\nde service par arr\u00eat brutal du syst\u00e8me.\n\n## Solution\n\nLa version 2.4.23 du noyau Linux corrige cette vuln\u00e9rabilit\u00e9.\n",
  "cves": [],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE-SA:2003:049 de SuSE :",
      "url": "http://www.suse.com/de/security/2003_049_kernel.html"
    },
    {
      "title": "Sources du noyau Linux :",
      "url": "http://www.kernel.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 GLSA 200312-02 de Gentoo :",
      "url": "http://www.securityfocus.com/advisories/6143"
    }
  ],
  "reference": "CERTA-2003-AVI-204",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-12-02T00:00:00.000000"
    },
    {
      "description": "ajout r\u00e9f\u00e9rences aux bulletins de SuSE et Gentoo.",
      "revision_date": "2003-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 du noyau Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MDKSA-2003:110 de Mandrake",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:110"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 DSA-403 de Debian",
      "url": "http://www.debian.org/security/2003/dsa-403"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RHSA-2003:392 de Red Hat",
      "url": "http://rhn.redhat.com/errata/RHSA-2003-392.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.