CVE-2005-4618

Published: 31/12/2005 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

Buffer overflow in sysctl in the Linux Kernel 2.6 prior to 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.

Vulnerable Product

linux linux kernel 2.6.11

linux linux kernel 2.6.12

linux linux kernel 2.6.14

linux linux kernel 2.6.5

linux linux kernel 2.6.1

linux linux kernel 2.6.13

linux linux kernel 2.6.13.3

linux linux kernel 2.6.11.8

linux linux kernel 2.6.14.4

linux linux kernel 2.6.10

linux linux kernel 2.6.14.3

linux linux kernel 2.6.11.6

linux linux kernel 2.6.11.11

linux linux kernel 2.6.0

linux linux kernel 2.6.3

linux linux kernel 2.6.4

linux linux kernel 2.6_test9_cvs

linux linux kernel 2.6.11.5

linux linux kernel 2.6.7

linux linux kernel 2.6.2

linux linux kernel 2.6.14.5

linux linux kernel 2.6.13.2

linux linux kernel 2.6.8

linux linux kernel 2.6.15

linux linux kernel 2.6.14.1

linux linux kernel 2.6.12.5

linux linux kernel 2.6.12.1

linux linux kernel 2.6.13.4

linux linux kernel 2.6.12.2

linux linux kernel 2.6.12.4

linux linux kernel 2.6.12.3

linux linux kernel 2.6.6

linux linux kernel 2.6.9

linux linux kernel 2.6.12.6

linux linux kernel 2.6.11.7

linux linux kernel 2.6.14.2

linux linux kernel 2.6.11.12

linux linux kernel 2.6.13.1

Vendor Advisories

Doug Chapman discovered a flaw in the reference counting in the sys_mq_open() function. By calling this function in a special way, a local attacker could exploit this to cause a kernel crash (CVE-2005-3356) ...
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2004-1017: Multiple overflows exist in the io_edgeport driver which might be usable as a denial of ...
The original update lacked recompiled ALSA modules against the new kernel ABI. Furthermore, kernel-latest-24-sparc now correctly depends on the updated packages. For completeness we're providing the original problem description: Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service ...