CVE-2005-0003

Description

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

CVSS Metrics

• v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.09%• Percentile: 26%

Affected Systems

• avaya•converged_communications_server

  2.0

• avaya•modular_messaging_message_storage_server

  1.1 | 2.0

• avaya•s8300

  r2.0.0 | r2.0.1

• avaya•s8500

  r2.0.0 | r2.0.1

• avaya•s8700

  r2.0.0 | r2.0.1

• avaya•s8710

  r2.0.0 | r2.0.1

• linux•linux_kernel

  2.4.0 | 2.4.0:test1 | 2.4.0:test10 | 2.4.0:test11 | 2.4.0:test12 | 2.4.0:test2 | 2.4.0:test3 | 2.4.0:test4 | 2.4.0:test5 | 2.4.0:test6 | 2.4.0:test7 | 2.4.0:test8 | 2.4.0:test9 | 2.4.1 | 2.4.2 | 2.4.3 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.11 | 2.4.12 | 2.4.13 | 2.4.14 | 2.4.15 | 2.4.16 | 2.4.17 | 2.4.18 | 2.4.18:pre1 | 2.4.18:pre2 | 2.4.18:pre3 | 2.4.18:pre4 | 2.4.18:pre5 | 2.4.18:pre6 | 2.4.18:pre7 | 2.4.18:pre8 | 2.4.19 | 2.4.19:pre1 | 2.4.19:pre2 | 2.4.19:pre3 | 2.4.19:pre4 | 2.4.19:pre5 | 2.4.19:pre6 | 2.4.20 | 2.4.21 | 2.4.21:pre1 | 2.4.21:pre4 | 2.4.21:pre7 | 2.4.22 | 2.4.23 | 2.4.23:pre9 | 2.4.23_ow2 | 2.4.24 | 2.4.24_ow1 | 2.4.25 | 2.4.26 | 2.4.27 | 2.4.27:pre1 | 2.4.27:pre2 | 2.4.27:pre3 | 2.4.27:pre4 | 2.4.27:pre5 | 2.4.28 | 2.4.29:rc1 | 2.4.29:rc2

• mandrakesoft•mandrake_linux

  9.2 | 10.0 | 10.1

• mandrakesoft•mandrake_linux_corporate_server

  2.1 | 3.0

• mandrakesoft•mandrake_multi_network_firewall

  8.2

• redhat•enterprise_linux

  3.0

• redhat•enterprise_linux_desktop

  3.0

References (18)

• http://secunia.com/advisories/20163
• http://www.debian.org/security/2006/dsa-1082
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
• http://www.novell.com/linux/security/advisories/2005_18_kernel.html
• http://www.redhat.com/support/errata/RHSA-2005-017.html
• http://linux.bkbits.net:8080/linux-2.4/cset%4041c36fb6q1Z68WUzKQFjJR-40Ev3tw
• http://www.debian.org/security/2006/dsa-1070
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18886
• http://www.redhat.com/support/errata/RHSA-2005-043.html
• http://www.trustix.org/errata/2005/0001/
• http://www.securityfocus.com/bid/12261
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9512
• http://www.debian.org/security/2006/dsa-1067
• http://www.debian.org/security/2006/dsa-1069
• http://securitytracker.com/id?1012885
• http://linux.bkbits.net:8080/linux-2.6/cset%4041a6721cce-LoPqkzKXudYby_3TUmg
• http://secunia.com/advisories/20202
• http://secunia.com/advisories/20338