CVE-2005-2555

Advisory lineage Upstream: 0 Downstream: 4

Downstream

DSA-1017-1 DSA-1018-1 RHSA-2005:514 RHSA-2005:663

Modified

Published: 16 Aug 2005, 04:00

Last modified:07 Aug 2024, 22:30

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.6 MEDIUM

v2.0 (nvd)

EPSS Score

0.09% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Aug 2005, 04:00

Published

Vulnerability first disclosed

07 Aug 2024, 22:30

Last Modified

Vulnerability information updated

Description

Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.

CVSS Metrics

v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.09%• Percentile: 26%

Techniques & Countermeasures

CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

debian•debian_linux
3.1
linux•linux_kernel
2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.8.1 | 2.6.8.1.5 | 2.6.9:2.6.20 | 2.6.10 | 2.6.10:rc2 | 2.6.11 | 2.6.11:rc1 | 2.6.11:rc2 | 2.6.11:rc3 | 2.6.11:rc4 | 2.6.11.1 | 2.6.11.2 | 2.6.11.3 | 2.6.11.4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11_rc1_bk6 | 2.6.12:rc1 | 2.6.12:rc4 | 2.6_test9_cvs