ID CVE-2004-0814 Type cve Reporter NVD Modified 2017-10-10T21:29:34
Description
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
{"id": "CVE-2004-0814", "bulletinFamily": "NVD", "title": "CVE-2004-0814", "description": "Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.", "published": "2004-12-23T00:00:00", "modified": "2017-10-10T21:29:34", "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0814", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/17816", "http://www.securityfocus.com/archive/1/379005", "http://www.securityfocus.com/bid/11491", "http://www.redhat.com/support/errata/RHSA-2005-293.html", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022", "http://www.securityfocus.com/bid/11492", "https://bugzilla.fedora.us/show_bug.cgi?id=2336", "http://marc.info/?l=bugtraq&m=110306397320336&w=2"], "cvelist": ["CVE-2004-0814"], "type": "cve", "lastseen": "2017-10-11T11:05:58", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10728", "name": "oval:org.mitre.oval:def:10728", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:linux:linux_kernel:2.2.20", "cpe:/o:linux:linux_kernel:2.6.6:rc1", "cpe:/o:linux:linux_kernel:2.4.0:test3", "cpe:/o:linux:linux_kernel:2.2.7", "cpe:/o:linux:linux_kernel:2.4.18:pre4", "cpe:/o:linux:linux_kernel:2.2.24", "cpe:/o:linux:linux_kernel:2.4.9", "cpe:/o:linux:linux_kernel:2.6.4", "cpe:/o:linux:linux_kernel:2.6.0:test4", "cpe:/o:linux:linux_kernel:2.4.21", "cpe:/o:linux:linux_kernel:2.2.15", "cpe:/o:linux:linux_kernel:2.4.27:pre1", "cpe:/o:linux:linux_kernel:2.4.24_ow1", "cpe:/o:linux:linux_kernel:2.4.11", "cpe:/o:linux:linux_kernel:2.4.5", "cpe:/o:linux:linux_kernel:2.6.1", "cpe:/o:linux:linux_kernel:2.6.0:test1", "cpe:/o:linux:linux_kernel:2.4.18:pre1", "cpe:/o:linux:linux_kernel:2.4.20", "cpe:/o:linux:linux_kernel:2.4.14", "cpe:/o:linux:linux_kernel:2.2.25", "cpe:/o:linux:linux_kernel:2.4.27:pre3", "cpe:/o:linux:linux_kernel:2.4.0:test1", "cpe:/o:linux:linux_kernel:2.2.21", "cpe:/o:linux:linux_kernel:2.4.19:pre5", "cpe:/o:linux:linux_kernel:2.4.26", "cpe:/o:linux:linux_kernel:2.4.19:pre4", "cpe:/o:linux:linux_kernel:2.4.23_ow2", "cpe:/o:linux:linux_kernel:2.6.1:rc1", "cpe:/o:linux:linux_kernel:2.4.18:pre2", "cpe:/o:linux:linux_kernel:2.4.25", "cpe:/o:linux:linux_kernel:2.6.1:rc2", "cpe:/o:linux:linux_kernel:2.2.1", "cpe:/o:linux:linux_kernel:2.2.18", "cpe:/o:linux:linux_kernel:2.4.8", "cpe:/o:linux:linux_kernel:2.2.14", "cpe:/o:ubuntu:ubuntu_linux:4.1::ia64", "cpe:/o:linux:linux_kernel:2.4.27:pre5", "cpe:/o:linux:linux_kernel:2.4.27:pre4", "cpe:/o:linux:linux_kernel:2.4.0:test8", "cpe:/o:linux:linux_kernel:2.2.16:pre6", "cpe:/o:linux:linux_kernel:2.4.7", "cpe:/o:linux:linux_kernel:2.6.8:rc1", "cpe:/o:linux:linux_kernel:2.4.21:pre1", "cpe:/o:linux:linux_kernel:2.2.17", "cpe:/o:linux:linux_kernel:2.4.2", "cpe:/o:linux:linux_kernel:2.4.18::x86", "cpe:/o:linux:linux_kernel:2.6.3", "cpe:/o:linux:linux_kernel:2.4.22", "cpe:/o:linux:linux_kernel:2.4.0:test4", "cpe:/o:linux:linux_kernel:2.2.15_pre20", "cpe:/o:linux:linux_kernel:2.4.18", "cpe:/o:linux:linux_kernel:2.6.6", "cpe:/o:linux:linux_kernel:2.6.8:rc3", "cpe:/o:linux:linux_kernel:2.2.23", "cpe:/o:linux:linux_kernel:2.4.0:test12", "cpe:/o:linux:linux_kernel:2.6.5", "cpe:/o:linux:linux_kernel:2.4.16", "cpe:/o:linux:linux_kernel:2.4.18:pre7", "cpe:/o:linux:linux_kernel:2.4.4", "cpe:/o:linux:linux_kernel:2.2.3", "cpe:/o:linux:linux_kernel:2.2.16", "cpe:/o:linux:linux_kernel:2.6.0", "cpe:/o:linux:linux_kernel:2.4.0:test9", "cpe:/o:linux:linux_kernel:2.6.2", "cpe:/o:linux:linux_kernel:2.4.23", "cpe:/o:linux:linux_kernel:2.6.0:test2", "cpe:/o:linux:linux_kernel:2.2.10", "cpe:/o:linux:linux_kernel:2.6.0:test7", "cpe:/o:linux:linux_kernel:2.6.0:test8", "cpe:/o:linux:linux_kernel:2.4.12", "cpe:/o:linux:linux_kernel:2.4.0:test5", "cpe:/o:linux:linux_kernel:2.6.0:test10", "cpe:/o:linux:linux_kernel:2.4.18:pre3", "cpe:/o:linux:linux_kernel:2.4.19:pre3", "cpe:/o:linux:linux_kernel:2.6.0:test11", "cpe:/o:linux:linux_kernel:2.4.27:pre2", "cpe:/o:linux:linux_kernel:2.4.13", "cpe:/o:linux:linux_kernel:2.2.9", "cpe:/o:linux:linux_kernel:2.6.0:test6", "cpe:/o:linux:linux_kernel:2.4.0:test7", "cpe:/o:linux:linux_kernel:2.4.0", "cpe:/o:linux:linux_kernel:2.4.18:pre5", "cpe:/o:ubuntu:ubuntu_linux:4.1::ppc", "cpe:/o:linux:linux_kernel:2.2.2", "cpe:/o:linux:linux_kernel:2.2.11", "cpe:/o:linux:linux_kernel:2.6.0:test9", "cpe:/o:linux:linux_kernel:2.4.6", "cpe:/o:linux:linux_kernel:2.4.21:pre4", "cpe:/o:linux:linux_kernel:2.4.10", "cpe:/o:linux:linux_kernel:2.4.0:test2", "cpe:/o:linux:linux_kernel:2.4.18:pre6", "cpe:/o:linux:linux_kernel:2.6.0:test3", "cpe:/o:linux:linux_kernel:2.6.0:test5", "cpe:/o:linux:linux_kernel:2.2.15:pre16", "cpe:/o:linux:linux_kernel:2.6.7", "cpe:/o:linux:linux_kernel:2.4.19:pre1", "cpe:/o:linux:linux_kernel:2.6.8:rc2", "cpe:/o:linux:linux_kernel:2.2.0", "cpe:/o:linux:linux_kernel:2.4.0:test6", "cpe:/o:linux:linux_kernel:2.4.19", "cpe:/o:linux:linux_kernel:2.2.19", "cpe:/o:linux:linux_kernel:2.6_test9_cvs", "cpe:/o:linux:linux_kernel:2.2.13", "cpe:/o:linux:linux_kernel:2.2.12", "cpe:/o:linux:linux_kernel:2.4.23:pre9", "cpe:/o:linux:linux_kernel:2.4.3", "cpe:/o:linux:linux_kernel:2.4.21:pre7", "cpe:/o:linux:linux_kernel:2.4.17", "cpe:/o:linux:linux_kernel:2.4.1", "cpe:/o:linux:linux_kernel:2.4.18:pre8", "cpe:/o:linux:linux_kernel:2.4.15", "cpe:/o:linux:linux_kernel:2.4.0:test11", "cpe:/o:linux:linux_kernel:2.4.19:pre6", "cpe:/o:linux:linux_kernel:2.2.8", "cpe:/o:linux:linux_kernel:2.6.7:rc1", "cpe:/o:linux:linux_kernel:2.4.19:pre2", "cpe:/o:linux:linux_kernel:2.4.0:test10", "cpe:/o:linux:linux_kernel:2.2.22", "cpe:/o:linux:linux_kernel:2.4.24"], "cvelist": ["CVE-2004-0814"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.", "edition": 1, "hash": "118ac886e8411bff8947329afcb831db733a61de516a3c707d29235072a6ad44", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d55abb1122daad3f88a8f21d5e518ba2", "key": "scanner"}, {"hash": "1964cb46507988f62fd65c198801fd12", "key": "description"}, {"hash": "fce2224f252a3c8107faaaa6c128aa03", "key": "assessment"}, {"hash": "44c1580e7142775aa5e33bae9c6a60de", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "ee3ee9f6ba6d92f0113f97ff96339134", "key": "published"}, {"hash": "23a068c4eef88390bb9e65ed1dd4e4af", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "eefa5f428ab5e80c16117beb4647458b", "key": "title"}, {"hash": "3e616f7be7ad0d05334ae98d61fc56f2", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "52957671fbb6d42b6d82bf68c010e6aa", "key": "cvelist"}, {"hash": "d30591108cc8d58659cdc56d2f62598b", "key": "references"}, {"hash": "5820fa9cf3e5a624f702fd46ec25d24b", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0814", "id": "CVE-2004-0814", "lastseen": "2016-09-03T04:28:20", "modified": "2010-08-21T00:21:19", "objectVersion": "1.2", "published": "2004-12-23T00:00:00", "references": ["http://www.securityfocus.com/archive/1/379005", "http://www.securityfocus.com/bid/11491", "http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2", "http://www.redhat.com/support/errata/RHSA-2005-293.html", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110", "http://xforce.iss.net/xforce/xfdb/17816", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022", "http://www.securityfocus.com/bid/11492", "https://bugzilla.fedora.us/show_bug.cgi?id=2336"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10728", "name": "oval:org.mitre.oval:def:10728", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0814", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T04:28:20"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10728", "name": "oval:org.mitre.oval:def:10728", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:linux:linux_kernel:2.2.20", "cpe:/o:linux:linux_kernel:2.6.6:rc1", "cpe:/o:linux:linux_kernel:2.4.0:test3", "cpe:/o:linux:linux_kernel:2.2.7", "cpe:/o:linux:linux_kernel:2.4.18:pre4", "cpe:/o:linux:linux_kernel:2.2.24", "cpe:/o:linux:linux_kernel:2.4.9", "cpe:/o:linux:linux_kernel:2.6.4", "cpe:/o:linux:linux_kernel:2.6.0:test4", "cpe:/o:linux:linux_kernel:2.4.21", "cpe:/o:linux:linux_kernel:2.2.15", "cpe:/o:linux:linux_kernel:2.4.27:pre1", "cpe:/o:linux:linux_kernel:2.4.24_ow1", "cpe:/o:linux:linux_kernel:2.4.11", "cpe:/o:linux:linux_kernel:2.4.5", "cpe:/o:linux:linux_kernel:2.6.1", "cpe:/o:linux:linux_kernel:2.6.0:test1", "cpe:/o:linux:linux_kernel:2.4.18:pre1", "cpe:/o:linux:linux_kernel:2.4.20", "cpe:/o:linux:linux_kernel:2.4.14", "cpe:/o:linux:linux_kernel:2.2.25", "cpe:/o:linux:linux_kernel:2.4.27:pre3", "cpe:/o:linux:linux_kernel:2.4.0:test1", "cpe:/o:linux:linux_kernel:2.2.21", "cpe:/o:linux:linux_kernel:2.4.19:pre5", "cpe:/o:linux:linux_kernel:2.4.26", "cpe:/o:linux:linux_kernel:2.4.19:pre4", "cpe:/o:linux:linux_kernel:2.4.23_ow2", "cpe:/o:linux:linux_kernel:2.6.1:rc1", "cpe:/o:linux:linux_kernel:2.4.18:pre2", "cpe:/o:linux:linux_kernel:2.4.25", "cpe:/o:linux:linux_kernel:2.6.1:rc2", "cpe:/o:linux:linux_kernel:2.2.1", "cpe:/o:linux:linux_kernel:2.2.18", "cpe:/o:linux:linux_kernel:2.4.8", "cpe:/o:linux:linux_kernel:2.2.14", "cpe:/o:ubuntu:ubuntu_linux:4.1::ia64", "cpe:/o:linux:linux_kernel:2.4.27:pre5", "cpe:/o:linux:linux_kernel:2.4.27:pre4", "cpe:/o:linux:linux_kernel:2.4.0:test8", "cpe:/o:linux:linux_kernel:2.2.16:pre6", "cpe:/o:linux:linux_kernel:2.4.7", "cpe:/o:linux:linux_kernel:2.6.8:rc1", "cpe:/o:linux:linux_kernel:2.4.21:pre1", "cpe:/o:linux:linux_kernel:2.2.17", "cpe:/o:linux:linux_kernel:2.4.2", "cpe:/o:linux:linux_kernel:2.4.18::x86", "cpe:/o:linux:linux_kernel:2.6.3", "cpe:/o:linux:linux_kernel:2.4.22", "cpe:/o:linux:linux_kernel:2.4.0:test4", "cpe:/o:linux:linux_kernel:2.2.15_pre20", "cpe:/o:linux:linux_kernel:2.4.18", "cpe:/o:linux:linux_kernel:2.6.6", "cpe:/o:linux:linux_kernel:2.6.8:rc3", "cpe:/o:linux:linux_kernel:2.2.23", "cpe:/o:linux:linux_kernel:2.4.0:test12", "cpe:/o:linux:linux_kernel:2.6.5", "cpe:/o:linux:linux_kernel:2.4.16", "cpe:/o:linux:linux_kernel:2.4.18:pre7", "cpe:/o:linux:linux_kernel:2.4.4", "cpe:/o:linux:linux_kernel:2.2.3", "cpe:/o:linux:linux_kernel:2.2.16", "cpe:/o:linux:linux_kernel:2.6.0", "cpe:/o:linux:linux_kernel:2.4.0:test9", "cpe:/o:linux:linux_kernel:2.6.2", "cpe:/o:linux:linux_kernel:2.4.23", "cpe:/o:linux:linux_kernel:2.6.0:test2", "cpe:/o:linux:linux_kernel:2.2.10", "cpe:/o:linux:linux_kernel:2.6.0:test7", "cpe:/o:linux:linux_kernel:2.6.0:test8", "cpe:/o:linux:linux_kernel:2.4.12", "cpe:/o:linux:linux_kernel:2.4.0:test5", "cpe:/o:linux:linux_kernel:2.6.0:test10", "cpe:/o:linux:linux_kernel:2.4.18:pre3", "cpe:/o:linux:linux_kernel:2.4.19:pre3", "cpe:/o:linux:linux_kernel:2.6.0:test11", "cpe:/o:linux:linux_kernel:2.4.27:pre2", "cpe:/o:linux:linux_kernel:2.4.13", "cpe:/o:linux:linux_kernel:2.2.9", "cpe:/o:linux:linux_kernel:2.6.0:test6", "cpe:/o:linux:linux_kernel:2.4.0:test7", "cpe:/o:linux:linux_kernel:2.4.0", "cpe:/o:linux:linux_kernel:2.4.18:pre5", "cpe:/o:ubuntu:ubuntu_linux:4.1::ppc", "cpe:/o:linux:linux_kernel:2.2.2", "cpe:/o:linux:linux_kernel:2.2.11", "cpe:/o:linux:linux_kernel:2.6.0:test9", "cpe:/o:linux:linux_kernel:2.4.6", "cpe:/o:linux:linux_kernel:2.4.21:pre4", "cpe:/o:linux:linux_kernel:2.4.10", "cpe:/o:linux:linux_kernel:2.4.0:test2", "cpe:/o:linux:linux_kernel:2.4.18:pre6", "cpe:/o:linux:linux_kernel:2.6.0:test3", "cpe:/o:linux:linux_kernel:2.6.0:test5", "cpe:/o:linux:linux_kernel:2.2.15:pre16", "cpe:/o:linux:linux_kernel:2.6.7", "cpe:/o:linux:linux_kernel:2.4.19:pre1", "cpe:/o:linux:linux_kernel:2.6.8:rc2", "cpe:/o:linux:linux_kernel:2.2.0", "cpe:/o:linux:linux_kernel:2.4.0:test6", "cpe:/o:linux:linux_kernel:2.4.19", "cpe:/o:linux:linux_kernel:2.2.19", "cpe:/o:linux:linux_kernel:2.6_test9_cvs", "cpe:/o:linux:linux_kernel:2.2.13", "cpe:/o:linux:linux_kernel:2.2.12", "cpe:/o:linux:linux_kernel:2.4.23:pre9", "cpe:/o:linux:linux_kernel:2.4.3", "cpe:/o:linux:linux_kernel:2.4.21:pre7", "cpe:/o:linux:linux_kernel:2.4.17", "cpe:/o:linux:linux_kernel:2.4.1", "cpe:/o:linux:linux_kernel:2.4.18:pre8", "cpe:/o:linux:linux_kernel:2.4.15", "cpe:/o:linux:linux_kernel:2.4.0:test11", "cpe:/o:linux:linux_kernel:2.4.19:pre6", "cpe:/o:linux:linux_kernel:2.2.8", "cpe:/o:linux:linux_kernel:2.6.7:rc1", "cpe:/o:linux:linux_kernel:2.4.19:pre2", "cpe:/o:linux:linux_kernel:2.4.0:test10", "cpe:/o:linux:linux_kernel:2.2.22", "cpe:/o:linux:linux_kernel:2.4.24"], "cvelist": ["CVE-2004-0814"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.", "edition": 3, "enchantments": {}, "hash": "8b738e0923cbc222ee113417b9f39b6e092a74689b8d3a61de4f1fc6f2a683cf", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d55abb1122daad3f88a8f21d5e518ba2", "key": "scanner"}, {"hash": "1964cb46507988f62fd65c198801fd12", "key": "description"}, {"hash": "fce2224f252a3c8107faaaa6c128aa03", "key": "assessment"}, {"hash": "44c1580e7142775aa5e33bae9c6a60de", "key": "cpe"}, {"hash": "ee3ee9f6ba6d92f0113f97ff96339134", "key": "published"}, {"hash": "23a068c4eef88390bb9e65ed1dd4e4af", "key": "href"}, {"hash": "b4fcfe7f4aae8c29bb8c666f2453a5a9", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "eefa5f428ab5e80c16117beb4647458b", "key": "title"}, {"hash": "a9ff14738f17c9b4906d326821e4d11e", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "52957671fbb6d42b6d82bf68c010e6aa", "key": "cvelist"}, {"hash": "5820fa9cf3e5a624f702fd46ec25d24b", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0814", "id": "CVE-2004-0814", "lastseen": "2017-07-11T11:14:28", "modified": "2017-07-10T21:30:29", "objectVersion": "1.3", "published": "2004-12-23T00:00:00", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/17816", "http://www.securityfocus.com/archive/1/379005", "http://www.securityfocus.com/bid/11491", "http://www.redhat.com/support/errata/RHSA-2005-293.html", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022", "http://www.securityfocus.com/bid/11492", "https://bugzilla.fedora.us/show_bug.cgi?id=2336", "http://marc.info/?l=bugtraq&m=110306397320336&w=2"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10728", "name": "oval:org.mitre.oval:def:10728", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0814", "type": "cve", "viewCount": 0}, "differentElements": ["assessment", "modified"], "edition": 3, "lastseen": "2017-07-11T11:14:28"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10728", "name": "oval:org.mitre.oval:def:10728", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:linux:linux_kernel:2.2.20", "cpe:/o:linux:linux_kernel:2.6.6:rc1", "cpe:/o:linux:linux_kernel:2.4.0:test3", "cpe:/o:linux:linux_kernel:2.2.7", "cpe:/o:linux:linux_kernel:2.4.18:pre4", "cpe:/o:linux:linux_kernel:2.2.24", "cpe:/o:linux:linux_kernel:2.4.9", "cpe:/o:linux:linux_kernel:2.6.4", "cpe:/o:linux:linux_kernel:2.6.0:test4", "cpe:/o:linux:linux_kernel:2.4.21", "cpe:/o:linux:linux_kernel:2.2.15", "cpe:/o:linux:linux_kernel:2.4.27:pre1", "cpe:/o:linux:linux_kernel:2.4.24_ow1", "cpe:/o:linux:linux_kernel:2.4.11", "cpe:/o:linux:linux_kernel:2.4.5", "cpe:/o:linux:linux_kernel:2.6.1", "cpe:/o:linux:linux_kernel:2.6.0:test1", "cpe:/o:linux:linux_kernel:2.4.18:pre1", "cpe:/o:linux:linux_kernel:2.4.20", "cpe:/o:linux:linux_kernel:2.4.14", "cpe:/o:linux:linux_kernel:2.2.25", "cpe:/o:linux:linux_kernel:2.4.27:pre3", "cpe:/o:linux:linux_kernel:2.4.0:test1", "cpe:/o:linux:linux_kernel:2.2.21", "cpe:/o:linux:linux_kernel:2.4.19:pre5", "cpe:/o:linux:linux_kernel:2.4.26", "cpe:/o:linux:linux_kernel:2.4.19:pre4", "cpe:/o:linux:linux_kernel:2.4.23_ow2", "cpe:/o:linux:linux_kernel:2.6.1:rc1", "cpe:/o:linux:linux_kernel:2.4.18:pre2", "cpe:/o:linux:linux_kernel:2.4.25", "cpe:/o:linux:linux_kernel:2.6.1:rc2", "cpe:/o:linux:linux_kernel:2.2.1", "cpe:/o:linux:linux_kernel:2.2.18", "cpe:/o:linux:linux_kernel:2.4.8", "cpe:/o:linux:linux_kernel:2.2.14", "cpe:/o:ubuntu:ubuntu_linux:4.1::ia64", "cpe:/o:linux:linux_kernel:2.4.27:pre5", "cpe:/o:linux:linux_kernel:2.4.27:pre4", "cpe:/o:linux:linux_kernel:2.4.0:test8", "cpe:/o:linux:linux_kernel:2.2.16:pre6", "cpe:/o:linux:linux_kernel:2.4.7", "cpe:/o:linux:linux_kernel:2.6.8:rc1", "cpe:/o:linux:linux_kernel:2.4.21:pre1", "cpe:/o:linux:linux_kernel:2.2.17", "cpe:/o:linux:linux_kernel:2.4.2", "cpe:/o:linux:linux_kernel:2.4.18::x86", "cpe:/o:linux:linux_kernel:2.6.3", "cpe:/o:linux:linux_kernel:2.4.22", "cpe:/o:linux:linux_kernel:2.4.0:test4", "cpe:/o:linux:linux_kernel:2.2.15_pre20", "cpe:/o:linux:linux_kernel:2.4.18", "cpe:/o:linux:linux_kernel:2.6.6", "cpe:/o:linux:linux_kernel:2.6.8:rc3", "cpe:/o:linux:linux_kernel:2.2.23", "cpe:/o:linux:linux_kernel:2.4.0:test12", "cpe:/o:linux:linux_kernel:2.6.5", "cpe:/o:linux:linux_kernel:2.4.16", "cpe:/o:linux:linux_kernel:2.4.18:pre7", "cpe:/o:linux:linux_kernel:2.4.4", "cpe:/o:linux:linux_kernel:2.2.3", "cpe:/o:linux:linux_kernel:2.2.16", "cpe:/o:linux:linux_kernel:2.6.0", "cpe:/o:linux:linux_kernel:2.4.0:test9", "cpe:/o:linux:linux_kernel:2.6.2", "cpe:/o:linux:linux_kernel:2.4.23", "cpe:/o:linux:linux_kernel:2.6.0:test2", "cpe:/o:linux:linux_kernel:2.2.10", "cpe:/o:linux:linux_kernel:2.6.0:test7", "cpe:/o:linux:linux_kernel:2.6.0:test8", "cpe:/o:linux:linux_kernel:2.4.12", "cpe:/o:linux:linux_kernel:2.4.0:test5", "cpe:/o:linux:linux_kernel:2.6.0:test10", "cpe:/o:linux:linux_kernel:2.4.18:pre3", "cpe:/o:linux:linux_kernel:2.4.19:pre3", "cpe:/o:linux:linux_kernel:2.6.0:test11", "cpe:/o:linux:linux_kernel:2.4.27:pre2", "cpe:/o:linux:linux_kernel:2.4.13", "cpe:/o:linux:linux_kernel:2.2.9", "cpe:/o:linux:linux_kernel:2.6.0:test6", "cpe:/o:linux:linux_kernel:2.4.0:test7", "cpe:/o:linux:linux_kernel:2.4.0", "cpe:/o:linux:linux_kernel:2.4.18:pre5", "cpe:/o:ubuntu:ubuntu_linux:4.1::ppc", "cpe:/o:linux:linux_kernel:2.2.2", "cpe:/o:linux:linux_kernel:2.2.11", "cpe:/o:linux:linux_kernel:2.6.0:test9", "cpe:/o:linux:linux_kernel:2.4.6", "cpe:/o:linux:linux_kernel:2.4.21:pre4", "cpe:/o:linux:linux_kernel:2.4.10", "cpe:/o:linux:linux_kernel:2.4.0:test2", "cpe:/o:linux:linux_kernel:2.4.18:pre6", "cpe:/o:linux:linux_kernel:2.6.0:test3", "cpe:/o:linux:linux_kernel:2.6.0:test5", "cpe:/o:linux:linux_kernel:2.2.15:pre16", "cpe:/o:linux:linux_kernel:2.6.7", "cpe:/o:linux:linux_kernel:2.4.19:pre1", "cpe:/o:linux:linux_kernel:2.6.8:rc2", "cpe:/o:linux:linux_kernel:2.2.0", "cpe:/o:linux:linux_kernel:2.4.0:test6", "cpe:/o:linux:linux_kernel:2.4.19", "cpe:/o:linux:linux_kernel:2.2.19", "cpe:/o:linux:linux_kernel:2.6_test9_cvs", "cpe:/o:linux:linux_kernel:2.2.13", "cpe:/o:linux:linux_kernel:2.2.12", "cpe:/o:linux:linux_kernel:2.4.23:pre9", "cpe:/o:linux:linux_kernel:2.4.3", "cpe:/o:linux:linux_kernel:2.4.21:pre7", "cpe:/o:linux:linux_kernel:2.4.17", "cpe:/o:linux:linux_kernel:2.4.1", "cpe:/o:linux:linux_kernel:2.4.18:pre8", "cpe:/o:linux:linux_kernel:2.4.15", "cpe:/o:linux:linux_kernel:2.4.0:test11", "cpe:/o:linux:linux_kernel:2.4.19:pre6", "cpe:/o:linux:linux_kernel:2.2.8", "cpe:/o:linux:linux_kernel:2.6.7:rc1", "cpe:/o:linux:linux_kernel:2.4.19:pre2", "cpe:/o:linux:linux_kernel:2.4.0:test10", "cpe:/o:linux:linux_kernel:2.2.22", "cpe:/o:linux:linux_kernel:2.4.24"], "cvelist": ["CVE-2004-0814"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.", "edition": 2, "enchantments": {}, "hash": "01433ca6759098a55c06f9b07bc632d1abe185078ec3ad5c199b0f73b1022ba8", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "619ef944b884a29d6aada988d7350846", "key": "references"}, {"hash": "d55abb1122daad3f88a8f21d5e518ba2", "key": "scanner"}, {"hash": "1964cb46507988f62fd65c198801fd12", "key": "description"}, {"hash": "fce2224f252a3c8107faaaa6c128aa03", "key": "assessment"}, {"hash": "44c1580e7142775aa5e33bae9c6a60de", "key": "cpe"}, {"hash": "ee3ee9f6ba6d92f0113f97ff96339134", "key": "published"}, {"hash": "23a068c4eef88390bb9e65ed1dd4e4af", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "eefa5f428ab5e80c16117beb4647458b", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "52957671fbb6d42b6d82bf68c010e6aa", "key": "cvelist"}, {"hash": "5e6d8029f5a2d778a08758f903db2976", "key": "modified"}, {"hash": "5820fa9cf3e5a624f702fd46ec25d24b", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0814", "id": "CVE-2004-0814", "lastseen": "2017-04-18T15:50:22", "modified": "2016-10-17T22:49:13", "objectVersion": "1.2", "published": "2004-12-23T00:00:00", "references": ["http://www.securityfocus.com/archive/1/379005", "http://www.securityfocus.com/bid/11491", "http://www.redhat.com/support/errata/RHSA-2005-293.html", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110", "http://xforce.iss.net/xforce/xfdb/17816", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022", "http://www.securityfocus.com/bid/11492", "https://bugzilla.fedora.us/show_bug.cgi?id=2336", "http://marc.info/?l=bugtraq&m=110306397320336&w=2"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10728", "name": "oval:org.mitre.oval:def:10728", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0814", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:22"}], "edition": 4, "hashmap": [{"key": "assessment", "hash": "6bd249a6ff202372968dbd3868137181"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "44c1580e7142775aa5e33bae9c6a60de"}, {"key": "cvelist", "hash": "52957671fbb6d42b6d82bf68c010e6aa"}, {"key": "cvss", "hash": "5820fa9cf3e5a624f702fd46ec25d24b"}, {"key": "description", "hash": "1964cb46507988f62fd65c198801fd12"}, {"key": "href", "hash": "23a068c4eef88390bb9e65ed1dd4e4af"}, {"key": "modified", "hash": "cf0f70dc9e8ec945f341d8717d23e81f"}, {"key": "published", "hash": "ee3ee9f6ba6d92f0113f97ff96339134"}, {"key": "references", "hash": "a9ff14738f17c9b4906d326821e4d11e"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d55abb1122daad3f88a8f21d5e518ba2"}, {"key": "title", "hash": "eefa5f428ab5e80c16117beb4647458b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "e4f077578912e481e4d359cb256862f3f25949faec219256ae32d5db1dbbc6ad", "viewCount": 0, "enchantments": {"vulnersScore": 2.1}, "objectVersion": "1.3", "cpe": ["cpe:/o:linux:linux_kernel:2.2.20", "cpe:/o:linux:linux_kernel:2.6.6:rc1", "cpe:/o:linux:linux_kernel:2.4.0:test3", "cpe:/o:linux:linux_kernel:2.2.7", "cpe:/o:linux:linux_kernel:2.4.18:pre4", "cpe:/o:linux:linux_kernel:2.2.24", "cpe:/o:linux:linux_kernel:2.4.9", "cpe:/o:linux:linux_kernel:2.6.4", "cpe:/o:linux:linux_kernel:2.6.0:test4", "cpe:/o:linux:linux_kernel:2.4.21", "cpe:/o:linux:linux_kernel:2.2.15", "cpe:/o:linux:linux_kernel:2.4.27:pre1", "cpe:/o:linux:linux_kernel:2.4.24_ow1", "cpe:/o:linux:linux_kernel:2.4.11", "cpe:/o:linux:linux_kernel:2.4.5", "cpe:/o:linux:linux_kernel:2.6.1", "cpe:/o:linux:linux_kernel:2.6.0:test1", "cpe:/o:linux:linux_kernel:2.4.18:pre1", "cpe:/o:linux:linux_kernel:2.4.20", "cpe:/o:linux:linux_kernel:2.4.14", "cpe:/o:linux:linux_kernel:2.2.25", "cpe:/o:linux:linux_kernel:2.4.27:pre3", "cpe:/o:linux:linux_kernel:2.4.0:test1", "cpe:/o:linux:linux_kernel:2.2.21", "cpe:/o:linux:linux_kernel:2.4.19:pre5", "cpe:/o:linux:linux_kernel:2.4.26", "cpe:/o:linux:linux_kernel:2.4.19:pre4", "cpe:/o:linux:linux_kernel:2.4.23_ow2", "cpe:/o:linux:linux_kernel:2.6.1:rc1", "cpe:/o:linux:linux_kernel:2.4.18:pre2", "cpe:/o:linux:linux_kernel:2.4.25", "cpe:/o:linux:linux_kernel:2.6.1:rc2", "cpe:/o:linux:linux_kernel:2.2.1", "cpe:/o:linux:linux_kernel:2.2.18", "cpe:/o:linux:linux_kernel:2.4.8", "cpe:/o:linux:linux_kernel:2.2.14", "cpe:/o:ubuntu:ubuntu_linux:4.1::ia64", "cpe:/o:linux:linux_kernel:2.4.27:pre5", "cpe:/o:linux:linux_kernel:2.4.27:pre4", "cpe:/o:linux:linux_kernel:2.4.0:test8", "cpe:/o:linux:linux_kernel:2.2.16:pre6", "cpe:/o:linux:linux_kernel:2.4.7", "cpe:/o:linux:linux_kernel:2.6.8:rc1", "cpe:/o:linux:linux_kernel:2.4.21:pre1", "cpe:/o:linux:linux_kernel:2.2.17", "cpe:/o:linux:linux_kernel:2.4.2", "cpe:/o:linux:linux_kernel:2.4.18::x86", "cpe:/o:linux:linux_kernel:2.6.3", "cpe:/o:linux:linux_kernel:2.4.22", "cpe:/o:linux:linux_kernel:2.4.0:test4", "cpe:/o:linux:linux_kernel:2.2.15_pre20", "cpe:/o:linux:linux_kernel:2.4.18", "cpe:/o:linux:linux_kernel:2.6.6", "cpe:/o:linux:linux_kernel:2.6.8:rc3", "cpe:/o:linux:linux_kernel:2.2.23", "cpe:/o:linux:linux_kernel:2.4.0:test12", "cpe:/o:linux:linux_kernel:2.6.5", "cpe:/o:linux:linux_kernel:2.4.16", "cpe:/o:linux:linux_kernel:2.4.18:pre7", "cpe:/o:linux:linux_kernel:2.4.4", "cpe:/o:linux:linux_kernel:2.2.3", "cpe:/o:linux:linux_kernel:2.2.16", "cpe:/o:linux:linux_kernel:2.6.0", "cpe:/o:linux:linux_kernel:2.4.0:test9", "cpe:/o:linux:linux_kernel:2.6.2", "cpe:/o:linux:linux_kernel:2.4.23", "cpe:/o:linux:linux_kernel:2.6.0:test2", "cpe:/o:linux:linux_kernel:2.2.10", "cpe:/o:linux:linux_kernel:2.6.0:test7", "cpe:/o:linux:linux_kernel:2.6.0:test8", "cpe:/o:linux:linux_kernel:2.4.12", "cpe:/o:linux:linux_kernel:2.4.0:test5", "cpe:/o:linux:linux_kernel:2.6.0:test10", "cpe:/o:linux:linux_kernel:2.4.18:pre3", "cpe:/o:linux:linux_kernel:2.4.19:pre3", "cpe:/o:linux:linux_kernel:2.6.0:test11", "cpe:/o:linux:linux_kernel:2.4.27:pre2", "cpe:/o:linux:linux_kernel:2.4.13", "cpe:/o:linux:linux_kernel:2.2.9", "cpe:/o:linux:linux_kernel:2.6.0:test6", "cpe:/o:linux:linux_kernel:2.4.0:test7", "cpe:/o:linux:linux_kernel:2.4.0", "cpe:/o:linux:linux_kernel:2.4.18:pre5", "cpe:/o:ubuntu:ubuntu_linux:4.1::ppc", "cpe:/o:linux:linux_kernel:2.2.2", "cpe:/o:linux:linux_kernel:2.2.11", "cpe:/o:linux:linux_kernel:2.6.0:test9", "cpe:/o:linux:linux_kernel:2.4.6", "cpe:/o:linux:linux_kernel:2.4.21:pre4", "cpe:/o:linux:linux_kernel:2.4.10", "cpe:/o:linux:linux_kernel:2.4.0:test2", "cpe:/o:linux:linux_kernel:2.4.18:pre6", "cpe:/o:linux:linux_kernel:2.6.0:test3", "cpe:/o:linux:linux_kernel:2.6.0:test5", "cpe:/o:linux:linux_kernel:2.2.15:pre16", "cpe:/o:linux:linux_kernel:2.6.7", "cpe:/o:linux:linux_kernel:2.4.19:pre1", "cpe:/o:linux:linux_kernel:2.6.8:rc2", "cpe:/o:linux:linux_kernel:2.2.0", "cpe:/o:linux:linux_kernel:2.4.0:test6", "cpe:/o:linux:linux_kernel:2.4.19", "cpe:/o:linux:linux_kernel:2.2.19", "cpe:/o:linux:linux_kernel:2.6_test9_cvs", "cpe:/o:linux:linux_kernel:2.2.13", "cpe:/o:linux:linux_kernel:2.2.12", "cpe:/o:linux:linux_kernel:2.4.23:pre9", "cpe:/o:linux:linux_kernel:2.4.3", "cpe:/o:linux:linux_kernel:2.4.21:pre7", "cpe:/o:linux:linux_kernel:2.4.17", "cpe:/o:linux:linux_kernel:2.4.1", "cpe:/o:linux:linux_kernel:2.4.18:pre8", "cpe:/o:linux:linux_kernel:2.4.15", "cpe:/o:linux:linux_kernel:2.4.0:test11", "cpe:/o:linux:linux_kernel:2.4.19:pre6", "cpe:/o:linux:linux_kernel:2.2.8", "cpe:/o:linux:linux_kernel:2.6.7:rc1", "cpe:/o:linux:linux_kernel:2.4.19:pre2", "cpe:/o:linux:linux_kernel:2.4.0:test10", "cpe:/o:linux:linux_kernel:2.2.22", "cpe:/o:linux:linux_kernel:2.4.24"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10728", "name": "oval:org.mitre.oval:def:10728", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10728", "name": "oval:org.mitre.oval:def:10728", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}
{"result": {"osvdb": [{"id": "OSVDB:11045", "type": "osvdb", "title": "Linux Kernel PPP/Terminal Subsystem Denial of Service", "description": "## Vulnerability Description\nThe Linux kernel's PPP subsystem contains a flaw that may allow a malicious user to crash a remote host. This is due to a race condition in the PPP system -- if an attacker connects via PPP and then issues the command to switch from console to terminal mode and then sends data at precisely the right moment so that it arrives as the line is making the disclipline switch, the condition will be triggered. It is likely that the flaw will cause an operating system lock, resulting in a loss of availability.\n## Solution Description\nUpgrade to version 2.6.9 or higher for 2.6 series kernels, and apply the latest patches for 2.4 series kernels, as these upgrades have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nThe Linux kernel's PPP subsystem contains a flaw that may allow a malicious user to crash a remote host. This is due to a race condition in the PPP system -- if an attacker connects via PPP and then issues the command to switch from console to terminal mode and then sends data at precisely the right moment so that it arrives as the line is making the disclipline switch, the condition will be triggered. It is likely that the flaw will cause an operating system lock, resulting in a loss of availability.\n## References:\nVendor URL: http://www.kernel.org/\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf)\n[Secunia Advisory ID:12951](https://secuniaresearch.flexerasoftware.com/advisories/12951/)\n[Secunia Advisory ID:15092](https://secuniaresearch.flexerasoftware.com/advisories/15092/)\n[Secunia Advisory ID:14002](https://secuniaresearch.flexerasoftware.com/advisories/14002/)\n[Secunia Advisory ID:14710](https://secuniaresearch.flexerasoftware.com/advisories/14710/)\n[Related OSVDB ID: 11044](https://vulners.com/osvdb/OSVDB:11044)\nRedHat RHSA: RHSA-2005:293\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_18_kernel.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0212.html\nISS X-Force ID: 17817\n[CVE-2004-0814](https://vulners.com/cve/CVE-2004-0814)\n", "published": "2004-10-20T17:43:02", "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:11045", "cvelist": ["CVE-2004-0814"], "lastseen": "2017-04-28T13:20:06"}, {"id": "OSVDB:11044", "type": "osvdb", "title": "Linux Kernel Terminal Subsystem TIOCSETLD Call Memory Disclosure", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.kernel.org/\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf)\n[Secunia Advisory ID:12951](https://secuniaresearch.flexerasoftware.com/advisories/12951/)\n[Secunia Advisory ID:15092](https://secuniaresearch.flexerasoftware.com/advisories/15092/)\n[Secunia Advisory ID:14002](https://secuniaresearch.flexerasoftware.com/advisories/14002/)\n[Secunia Advisory ID:14710](https://secuniaresearch.flexerasoftware.com/advisories/14710/)\n[Related OSVDB ID: 11045](https://vulners.com/osvdb/OSVDB:11045)\nRedHat RHSA: RHSA-2005:293\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_18_kernel.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0212.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0264.html\n[CVE-2004-0814](https://vulners.com/cve/CVE-2004-0814)\n", "published": "2004-10-20T15:48:02", "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:11044", "cvelist": ["CVE-2004-0814"], "lastseen": "2017-04-28T13:20:06"}], "ubuntu": [{"id": "USN-38-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "CAN-2004-0814:\n\nVitaly V. Bursov discovered a Denial of Service vulnerability in the \u201cserio\u201d code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup.\n\nFixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third party user installed modules might not work any more with the new kernel, so this fixed kernel got a new ABI version number. You have to recompile and reinstall all third party modules.\n\nCAN-2004-1016:\n\nPaul Starzetz discovered a buffer overflow vulnerability in the \u201c__scm_send\u201d function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation.\n\nCAN-2004-1056:\n\nThomas Hellstr\u00b4\u2510\u017bm discovered a Denial of Service vulnerability in the Direct Rendering Manager (DRM) drivers. Due to an insufficient DMA lock checking, any authorized client could send arbitrary values to the video card, which could cause an X server crash or modification of the video output.\n\nCAN-2004-1058:\n\nRob Landley discovered a race condition in the handling of /proc/\u2026/cmdline. Under very rare circumstances an user could read the environment variables of another process that was still spawning. Environment variables are often used to pass passwords and other private information to other processes.\n\nCAN-2004-1068:\n\nA race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.\n\nCAN-2004-1069:\n\nRoss Kendall Axe discovered a possible kernel panic (causing a Denial of Service) while sending AF_UNIX network packages if the kernel options CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled. This is not the case in the kernel packages shipped in Warty Warthog; however, if you recompiled the kernel using SELinux, you are affected by this flaw.\n\nCAN-2004-1137:\n\nPaul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket.\n\nCAN-2004-1151:\n\nJeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation.\n\nThis vulnerability only affects the amd64 architecture.", "published": "2004-12-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/38-1/", "cvelist": ["CVE-2004-1058", "CVE-2004-1069", "CVE-2004-1056", "CVE-2004-1151", "CVE-2004-1137", "CVE-2004-1068", "CVE-2004-0814", "CVE-2004-1016"], "lastseen": "2018-03-29T18:17:53"}], "nessus": [{"id": "UBUNTU_USN-38-1.NASL", "type": "nessus", "title": "Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-38-1)", "description": "CAN-2004-0814 :\n\nVitaly V. Bursov discovered a Denial of Service vulnerability in the 'serio' code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. \n\nFixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third-party user installed modules might not work any more with the new kernel, so this fixed kernel got a new ABI version number. You have to recompile and reinstall all third-party modules.\n\nCAN-2004-1016 :\n\nPaul Starzetz discovered a buffer overflow vulnerability in the '__scm_send' function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation.\n\nCAN-2004-1056 :\n\nThomas Hellstrom discovered a Denial of Service vulnerability in the Direct Rendering Manager (DRM) drivers. Due to an insufficient DMA lock checking, any authorized client could send arbitrary values to the video card, which could cause an X server crash or modification of the video output.\n\nCAN-2004-1058 :\n\nRob Landley discovered a race condition in the handling of /proc/.../cmdline. Under very rare circumstances an user could read the environment variables of another process that was still spawning.\nEnvironment variables are often used to pass passwords and other private information to other processes.\n\nCAN-2004-1068 :\n\nA race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.\n\nCAN-2004-1069 :\n\nRoss Kendall Axe discovered a possible kernel panic (causing a Denial of Service) while sending AF_UNIX network packages if the kernel options CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled. This is not the case in the kernel packages shipped in Warty Warthog; however, if you recompiled the kernel using SELinux, you are affected by this flaw.\n\nCAN-2004-1137 :\n\nPaul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket.\n\nCAN-2004-1151 :\n\nJeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation. \n\nThis vulnerability only affects the amd64 architecture.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20654", "cvelist": ["CVE-2004-1058", "CVE-2004-1069", "CVE-2004-1056", "CVE-2004-1151", "CVE-2004-1137", "CVE-2004-1068", "CVE-2004-0814", "CVE-2004-1016"], "lastseen": "2017-10-29T13:41:58"}, {"id": "SUSE_SA_2005_018.NASL", "type": "nessus", "title": "SUSE-SA:2005:018: kernel", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:018 (kernel).\n\n\nThe Linux kernel is the core component of the Linux system.\n\nSeveral vulnerabilities were reported in the last few weeks which are fixed by this update.", "published": "2005-03-25T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17617", "cvelist": ["CVE-2005-0003", "CVE-2004-1333", "CVE-2005-0529", "CVE-2005-0504", "CVE-2005-0384", "CVE-2005-0530", "CVE-2005-0209", "CVE-2005-0210", "CVE-2005-0532", "CVE-2005-0449", "CVE-2004-0814"], "lastseen": "2016-12-28T06:11:40"}, {"id": "CENTOS_RHSA-2005-293.NASL", "type": "nessus", "title": "CentOS 3 : kernel (CESA-2005:293)", "description": "Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available.\n\nThis security advisory has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThe following security issues were fixed :\n\nThe Vicam USB driver did not use the copy_from_user function to access userspace, crossing security boundaries. (CVE-2004-0075)\n\nThe ext3 and jfs code did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory.\n(CVE-2004-0177)\n\nThe terminal layer did not properly lock line discipline changes or pending IO. An unprivileged local user could read portions of kernel memory, or cause a denial of service (system crash). (CVE-2004-0814)\n\nA race condition was discovered. Local users could use this flaw to read the environment variables of another process that is still spawning via /proc/.../cmdline. (CVE-2004-1058)\n\nA flaw in the execve() syscall handling was discovered, allowing a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073). Red Hat originally reported this as being fixed by RHSA-2004:549, but the associated fix was missing from that update.\n\nKeith Owens reported a flaw in the Itanium unw_unwind_to_user() function. A local user could use this flaw to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0135)\n\nA missing Itanium syscall table entry could allow an unprivileged local user to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0137)\n\nA flaw affecting the OUTS instruction on the AMD64 and Intel EM64T architectures was discovered. A local user could use this flaw to access privileged IO ports. (CVE-2005-0204)\n\nA flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384)\n\nA flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was discovered that left a pointer to a freed tty structure. A local user could potentially use this flaw to cause a denial of service (system crash) or possibly gain read or write access to ttys that should normally be prevented. (CVE-2005-0403)\n\nA flaw in fragment queuing was discovered affecting the netfilter subsystem. On systems configured to filter or process network packets (for example those configured to do firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know (or guess) some aspects of the firewall ruleset in place on the target system to be able to craft the right fragmented packets. (CVE-2005-0449)\n\nMissing validation of an epoll_wait() system call parameter could allow a local user to cause a denial of service (system crash) on the IBM S/390 and zSeries architectures. (CVE-2005-0736)\n\nA flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (system crash). (CVE-2005-0749)\n\nA flaw was discovered in the bluetooth driver system. On system where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750)\n\nIn addition to the security issues listed above, there was an important fix made to the handling of the msync() system call for a particular case in which the call could return without queuing modified mmap()'ed data for file system update. (BZ 147969)\n\nNote: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.\n\nRed Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures/configurations\n\nPlease note that the fix for CVE-2005-0449 required changing the external symbol linkages (kernel module ABI) for the ip_defrag() and ip_ct_gather_frags() functions. Any third-party module using either of these would also need to be fixed.", "published": "2006-07-05T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21923", "cvelist": ["CVE-2004-1058", "CVE-2005-0749", "CVE-2005-0135", "CVE-2005-0137", "CVE-2005-0403", "CVE-2004-0177", "CVE-2005-0736", "CVE-2005-0384", "CVE-2005-0449", "CVE-2004-0075", "CVE-2005-0204", "CVE-2005-0750", "CVE-2004-0814", "CVE-2004-1073"], "lastseen": "2017-10-29T13:42:55"}, {"id": "MANDRAKE_MDKSA-2005-022.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : kernel (MDKSA-2005:022)", "description": "A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory :\n\n - Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CVE-2004-0814)\n\n - Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CVE-2004-0816)\n\n - Stefan Esser found several remote DoS confitions in the smbfs file system. This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CVE-2004-0883 and CVE-2004-0949)\n\n - Paul Starzetz and Georgi Guninski reported, independently, that bad argument handling and bad integer arithmetics in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. The fixes were done by Herbert Xu (CVE-2004-1016)\n\n - Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CVE-2004-1058)\n\n - Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CVE-2004-1068)\n\n - Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CVE-2004-1069)\n\n - Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073)\n\n - It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CVE-2004-1074)\n\n - Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. The fix was done by Chris Wright (CVE-2004-1137)\n\n - Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CVE-2004-1151)\n\n - Paul Starzetz found locally exploitable flaws in the binary format loader's uselib() function that could be abused to allow a local user to obtain root privileges (CVE-2004-1235)\n\n - Paul Starzetz found an exploitable flaw in the page fault handler when running on SMP machines (CVE-2005-0001)\n\n - A vulnerability in insert_vm_struct could allow a locla user to trigger BUG() when the user created a large vma that overlapped with arg pages during exec (CVE-2005-0003)\n\n - Paul Starzetz also found a number of vulnerabilities in the kernel binfmt_elf loader that could lead a local user to obtain elevated (root) privileges (isec-0017-binfmt_elf)\n\nThe provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandrakesoft.com/security/kernelupdate\n\nPLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the latest module-init-tools package prior to upgrading their kernel.\nLikewise, MNF8.2 users will need to upgrade to the latest modutils package prior to upgrading their kernel.", "published": "2005-01-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=16259", "cvelist": ["CVE-2004-1058", "CVE-2004-1235", "CVE-2005-0003", "CVE-2004-1069", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1191", "CVE-2004-0883", "CVE-2004-1057", "CVE-2004-1070", "CVE-2004-0816", "CVE-2004-0949", "CVE-2004-1151", "CVE-2004-1137", "CVE-2004-1068", "CVE-2004-1074", "CVE-2004-0814", "CVE-2005-0001", "CVE-2004-1073", "CVE-2004-1016"], "lastseen": "2017-10-29T13:44:36"}, {"id": "REDHAT-RHSA-2005-293.NASL", "type": "nessus", "title": "RHEL 3 : kernel (RHSA-2005:293)", "description": "Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available.\n\nThis security advisory has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThe following security issues were fixed :\n\nThe Vicam USB driver did not use the copy_from_user function to access userspace, crossing security boundaries. (CVE-2004-0075)\n\nThe ext3 and jfs code did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory.\n(CVE-2004-0177)\n\nThe terminal layer did not properly lock line discipline changes or pending IO. An unprivileged local user could read portions of kernel memory, or cause a denial of service (system crash). (CVE-2004-0814)\n\nA race condition was discovered. Local users could use this flaw to read the environment variables of another process that is still spawning via /proc/.../cmdline. (CVE-2004-1058)\n\nA flaw in the execve() syscall handling was discovered, allowing a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073). Red Hat originally reported this as being fixed by RHSA-2004:549, but the associated fix was missing from that update.\n\nKeith Owens reported a flaw in the Itanium unw_unwind_to_user() function. A local user could use this flaw to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0135)\n\nA missing Itanium syscall table entry could allow an unprivileged local user to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0137)\n\nA flaw affecting the OUTS instruction on the AMD64 and Intel EM64T architectures was discovered. A local user could use this flaw to access privileged IO ports. (CVE-2005-0204)\n\nA flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384)\n\nA flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was discovered that left a pointer to a freed tty structure. A local user could potentially use this flaw to cause a denial of service (system crash) or possibly gain read or write access to ttys that should normally be prevented. (CVE-2005-0403)\n\nA flaw in fragment queuing was discovered affecting the netfilter subsystem. On systems configured to filter or process network packets (for example those configured to do firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know (or guess) some aspects of the firewall ruleset in place on the target system to be able to craft the right fragmented packets. (CVE-2005-0449)\n\nMissing validation of an epoll_wait() system call parameter could allow a local user to cause a denial of service (system crash) on the IBM S/390 and zSeries architectures. (CVE-2005-0736)\n\nA flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (system crash). (CVE-2005-0749)\n\nA flaw was discovered in the bluetooth driver system. On system where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750)\n\nIn addition to the security issues listed above, there was an important fix made to the handling of the msync() system call for a particular case in which the call could return without queuing modified mmap()'ed data for file system update. (BZ 147969)\n\nNote: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.\n\nRed Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures/configurations\n\nPlease note that the fix for CVE-2005-0449 required changing the external symbol linkages (kernel module ABI) for the ip_defrag() and ip_ct_gather_frags() functions. Any third-party module using either of these would also need to be fixed.", "published": "2005-04-25T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18128", "cvelist": ["CVE-2004-1058", "CVE-2005-0749", "CVE-2005-0135", "CVE-2005-0137", "CVE-2005-0403", "CVE-2004-0177", "CVE-2005-0736", "CVE-2005-0384", "CVE-2005-0449", "CVE-2004-0075", "CVE-2005-0204", "CVE-2005-0750", "CVE-2004-0814", "CVE-2004-1073"], "lastseen": "2017-10-29T13:37:58"}], "openvas": [{"id": "OPENVAS:65101", "type": "openvas", "title": "SLES9: Security update for Linux kernel", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n um-host-kernel\n um-host-install-initrd\n kernel-bigsmp\n kernel-default\n kernel-um\n kernel-syms\n kernel-source\n kernel-smp\n kernel-debug\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5011171 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65101", "cvelist": ["CVE-2005-0135", "CVE-2005-0529", "CVE-2005-0504", "CVE-2005-0136", "CVE-2005-0384", "CVE-2005-0530", "CVE-2005-0209", "CVE-2005-0210", "CVE-2005-0532", "CVE-2005-0449", "CVE-2004-0814"], "lastseen": "2017-07-26T08:56:07"}, {"id": "OPENVAS:136141256231065101", "type": "openvas", "title": "SLES9: Security update for Linux kernel", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n um-host-kernel\n um-host-install-initrd\n kernel-bigsmp\n kernel-default\n kernel-um\n kernel-syms\n kernel-source\n kernel-smp\n kernel-debug\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5011171 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065101", "cvelist": ["CVE-2005-0135", "CVE-2005-0529", "CVE-2005-0504", "CVE-2005-0136", "CVE-2005-0384", "CVE-2005-0530", "CVE-2005-0209", "CVE-2005-0210", "CVE-2005-0532", "CVE-2005-0449", "CVE-2004-0814"], "lastseen": "2018-04-06T11:39:58"}], "suse": [{"id": "SUSE-SA:2005:018", "type": "suse", "title": "remote denial of service in kernel", "description": "The Linux kernel is the core component of the Linux system.\n#### Solution\nNone. Please install the updated packages.", "published": "2005-03-24T16:30:19", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2005-03/msg00020.html", "cvelist": ["CVE-2005-0003", "CVE-2005-2801", "CVE-2004-1333", "CVE-2005-0529", "CVE-2005-0504", "CVE-2005-0736", "CVE-2005-0384", "CVE-2005-0530", "CVE-2005-0209", "CVE-2005-0210", "CVE-2005-0532", "CVE-2005-0867", "CVE-2005-0449", "CVE-2004-0814"], "lastseen": "2016-09-04T11:24:48"}], "centos": [{"id": "CESA-2005:293", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:293\n\n\nThe following security issues were fixed:\n\nThe Vicam USB driver did not use the copy_from_user function to access\nuserspace, crossing security boundaries. (CAN-2004-0075)\n\nThe ext3 and jfs code did not properly initialize journal descriptor\nblocks. A privileged local user could read portions of kernel memory.\n(CAN-2004-0177)\n\nThe terminal layer did not properly lock line discipline changes or pending\nIO. An unprivileged local user could read portions of kernel memory, or\ncause a denial of service (system crash). (CAN-2004-0814)\n\nA race condition was discovered. Local users could use this flaw to read\nthe environment variables of another process that is still spawning via\n/proc/.../cmdline. (CAN-2004-1058)\n\nA flaw in the execve() syscall handling was discovered, allowing a local\nuser to read setuid ELF binaries that should otherwise be protected by\nstandard permissions. (CAN-2004-1073). Red Hat originally reported this\nas being fixed by RHSA-2004:549, but the associated fix was missing from\nthat update.\n\nKeith Owens reported a flaw in the Itanium unw_unwind_to_user() function.\nA local user could use this flaw to cause a denial of service (system\ncrash) on the Itanium architecture. (CAN-2005-0135)\n\nA missing Itanium syscall table entry could allow an unprivileged\nlocal user to cause a denial of service (system crash) on the Itanium\narchitecture. (CAN-2005-0137)\n\nA flaw affecting the OUTS instruction on the AMD64 and Intel EM64T\narchitectures was discovered. A local user could use this flaw to\naccess privileged IO ports. (CAN-2005-0204)\n\nA flaw was discovered in the Linux PPP driver. On systems allowing remote\nusers to connect to a server using ppp, a remote client could cause a\ndenial of service (system crash). (CAN-2005-0384)\n\nA flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was\ndiscovered that left a pointer to a freed tty structure. A local user\ncould potentially use this flaw to cause a denial of service (system crash)\nor possibly gain read or write access to ttys that should normally be\nprevented. (CAN-2005-0403)\n\nA flaw in fragment queuing was discovered affecting the netfilter\nsubsystem. On systems configured to filter or process network packets (for\nexample those configured to do firewalling), a remote attacker could send a\ncarefully crafted set of fragmented packets to a machine and cause a denial\nof service (system crash). In order to sucessfully exploit this flaw, the\nattacker would need to know (or guess) some aspects of the firewall ruleset\nin place on the target system to be able to craft the right fragmented\npackets. (CAN-2005-0449)\n\nMissing validation of an epoll_wait() system call parameter could allow\na local user to cause a denial of service (system crash) on the IBM S/390\nand zSeries architectures. (CAN-2005-0736)\n\nA flaw when freeing a pointer in load_elf_library was discovered. A local\nuser could potentially use this flaw to cause a denial of service (system\ncrash). (CAN-2005-0749)\n\nA flaw was discovered in the bluetooth driver system. On system where the\nbluetooth modules are loaded, a local user could use this flaw to gain\nelevated (root) privileges. (CAN-2005-0750)\n\nIn addition to the security issues listed above, there was an important\nfix made to the handling of the msync() system call for a particular case\nin which the call could return without queuing modified mmap()'ed data for\nfile system update. (BZ 147969)\n\nNote: The kernel-unsupported package contains various drivers and modules\nthat are unsupported and therefore might contain security problems that\nhave not been addressed.\n\nRed Hat Enterprise Linux 3 users are advised to upgrade their kernels to\nthe packages associated with their machine architectures/configurations\n\nPlease note that the fix for CAN-2005-0449 required changing the\nexternal symbol linkages (kernel module ABI) for the ip_defrag()\nand ip_ct_gather_frags() functions. Any third-party module using either\nof these would also need to be fixed.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-April/011589.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-April/011590.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-April/011591.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-April/011592.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-293.html", "published": "2005-04-22T21:54:37", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-April/011589.html", "cvelist": ["CVE-2004-1058", "CVE-2005-0749", "CVE-2005-0135", "CVE-2005-0137", "CVE-2005-0403", "CVE-2004-0177", "CVE-2005-0736", "CVE-2005-0384", "CVE-2005-0449", "CVE-2004-0075", "CVE-2005-0204", "CVE-2005-0750", "CVE-2004-0814", "CVE-2004-1073"], "lastseen": "2017-10-12T14:44:52"}], "redhat": [{"id": "RHSA-2005:293", "type": "redhat", "title": "(RHSA-2005:293) kernel security update", "description": "The following security issues were fixed:\n\nThe Vicam USB driver did not use the copy_from_user function to access\nuserspace, crossing security boundaries. (CAN-2004-0075)\n\nThe ext3 and jfs code did not properly initialize journal descriptor\nblocks. A privileged local user could read portions of kernel memory.\n(CAN-2004-0177)\n\nThe terminal layer did not properly lock line discipline changes or pending\nIO. An unprivileged local user could read portions of kernel memory, or\ncause a denial of service (system crash). (CAN-2004-0814)\n\nA race condition was discovered. Local users could use this flaw to read\nthe environment variables of another process that is still spawning via\n/proc/.../cmdline. (CAN-2004-1058)\n\nA flaw in the execve() syscall handling was discovered, allowing a local\nuser to read setuid ELF binaries that should otherwise be protected by\nstandard permissions. (CAN-2004-1073). Red Hat originally reported this\nas being fixed by RHSA-2004:549, but the associated fix was missing from\nthat update.\n\nKeith Owens reported a flaw in the Itanium unw_unwind_to_user() function.\nA local user could use this flaw to cause a denial of service (system\ncrash) on the Itanium architecture. (CAN-2005-0135)\n\nA missing Itanium syscall table entry could allow an unprivileged\nlocal user to cause a denial of service (system crash) on the Itanium\narchitecture. (CAN-2005-0137)\n\nA flaw affecting the OUTS instruction on the AMD64 and Intel EM64T\narchitectures was discovered. A local user could use this flaw to\naccess privileged IO ports. (CAN-2005-0204)\n\nA flaw was discovered in the Linux PPP driver. On systems allowing remote\nusers to connect to a server using ppp, a remote client could cause a\ndenial of service (system crash). (CAN-2005-0384)\n\nA flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was\ndiscovered that left a pointer to a freed tty structure. A local user\ncould potentially use this flaw to cause a denial of service (system crash)\nor possibly gain read or write access to ttys that should normally be\nprevented. (CAN-2005-0403)\n\nA flaw in fragment queuing was discovered affecting the netfilter\nsubsystem. On systems configured to filter or process network packets (for\nexample those configured to do firewalling), a remote attacker could send a\ncarefully crafted set of fragmented packets to a machine and cause a denial\nof service (system crash). In order to sucessfully exploit this flaw, the\nattacker would need to know (or guess) some aspects of the firewall ruleset\nin place on the target system to be able to craft the right fragmented\npackets. (CAN-2005-0449)\n\nMissing validation of an epoll_wait() system call parameter could allow\na local user to cause a denial of service (system crash) on the IBM S/390\nand zSeries architectures. (CAN-2005-0736)\n\nA flaw when freeing a pointer in load_elf_library was discovered. A local\nuser could potentially use this flaw to cause a denial of service (system\ncrash). (CAN-2005-0749)\n\nA flaw was discovered in the bluetooth driver system. On system where the\nbluetooth modules are loaded, a local user could use this flaw to gain\nelevated (root) privileges. (CAN-2005-0750)\n\nIn addition to the security issues listed above, there was an important\nfix made to the handling of the msync() system call for a particular case\nin which the call could return without queuing modified mmap()'ed data for\nfile system update. (BZ 147969)\n\nNote: The kernel-unsupported package contains various drivers and modules\nthat are unsupported and therefore might contain security problems that\nhave not been addressed.\n\nRed Hat Enterprise Linux 3 users are advised to upgrade their kernels to\nthe packages associated with their machine architectures/configurations\n\nPlease note that the fix for CAN-2005-0449 required changing the\nexternal symbol linkages (kernel module ABI) for the ip_defrag()\nand ip_ct_gather_frags() functions. Any third-party module using either\nof these would also need to be fixed.", "published": "2005-04-22T04:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2005:293", "cvelist": ["CVE-2004-0075", "CVE-2004-0177", "CVE-2004-0814", "CVE-2004-1058", "CVE-2004-1073", "CVE-2005-0135", "CVE-2005-0137", "CVE-2005-0204", "CVE-2005-0384", "CVE-2005-0403", "CVE-2005-0449", "CVE-2005-0736", "CVE-2005-0749", "CVE-2005-0750"], "lastseen": "2017-08-02T22:57:29"}]}}
