ID: CVE-2005-0090
Type: cve
Reporter: cve@mitre.org
Modified: 2017-10-11T01:29:00
Description
A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).
{"osvdb": [{"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "description": "## Vulnerability Description\nRedHat Linux contains a flaw that may allow a local denial of service. The issue is due to a missing access check, due to a regression error in the RedHat Linux 4 kernel 4GB/4GB split patch, and will result in loss of availability for the platform.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, RedHat has released a patch to address this vulnerability.\n## Short Description\nRedHat Linux contains a flaw that may allow a local denial of service. The issue is due to a missing access check, due to a regression error in the RedHat Linux 4 kernel 4GB/4GB split patch, and will result in loss of availability for the platform.\n## References:\n[Vendor Specific Advisory URL](http://www.redhat.com/support/errata/RHSA-2005-092.html)\n[CVE-2005-0090\n](https://vulners.com/cve/CVE-2005-0090\n)\nBugtraq ID: 12599\n", "modified": "2005-02-19T22:51:48", "published": "2005-02-19T22:51:48", "href": "https://vulners.com/osvdb/OSVDB:15417", "id": "OSVDB:15417", "title": "Red Hat Linux 4GB Split Patch access check Regression Error Local DoS", "type": "osvdb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "description": "## Vulnerability Description\nA missing access check regression in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch has been discovered. On systems using the hugemem kernel, a local unprivileged user could use this flaw to cause a denial of service (crash). (CAN-2005-0090)\n\nA flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch can\nallow syscalls to read and write arbitrary kernel memory. On systems using\nthe hugemem kernel, a local unprivileged user could use this flaw to gain\nprivileges. 
(CAN-2005-0091)\n\nAn additional flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split\npatch was discovered. On x86 systems using the hugemem kernel, a local\nunprivileged user may be able to use this flaw to cause a denial of service\n(crash). (CAN-2005-0092)\n## Solution Description\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.\n## Short Description\nA missing access check regression in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch has been discovered. On systems using the hugemem kernel, a local unprivileged user could use this flaw to cause a denial of service (crash). (CAN-2005-0090)\n\nA flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch can\nallow syscalls to read and write arbitrary kernel memory. On systems using\nthe hugemem kernel, a local unprivileged user could use this flaw to gain\nprivileges. (CAN-2005-0091)\n\nAn additional flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split\npatch was discovered. On x86 systems using the hugemem kernel, a local\nunprivileged user may be able to use this flaw to cause a denial of service\n(crash). 
(CAN-2005-0092)\n## References:\n[Vendor Specific Advisory URL](http://www.redhat.com/support/errata/RHSA-2005-092.html)\n[CVE-2005-0092](https://vulners.com/cve/CVE-2005-0092)\n[CVE-2005-0090](https://vulners.com/cve/CVE-2005-0090)\n[CVE-2005-0091](https://vulners.com/cve/CVE-2005-0091)\nBugtraq ID: 12599\n", "modified": "2005-02-19T23:53:36", "published": "2005-02-19T23:53:36", "href": "https://vulners.com/osvdb/OSVDB:15416", "id": "OSVDB:15416", "title": "Red Hat Linux 4GB Split Patch Unspecified Kernel Memory Read/Write", "type": "osvdb", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-12-13T08:52:34", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThis advisory includes fixes for several security issues :\n\niSEC Security Research discovered multiple vulnerabilities in the IGMP\nfunctionality. These flaws could allow a local user to cause a denial\nof service (crash) or potentially gain privileges. Where multicast\napplications are being used on a system, these flaws may also allow\nremote users to cause a denial of service. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2004-1137 to this issue.\n\niSEC Security Research discovered a flaw in the page fault handler\ncode that could lead to local users gaining elevated (root) privileges\non multiprocessor machines. (CVE-2005-0001)\n\niSEC Security Research discovered a VMA handling flaw in the uselib(2)\nsystem call of the Linux kernel. A local user could make use of this\nflaw to gain elevated (root) privileges. 
(CVE-2004-1235)\n\nA flaw affecting the OUTS instruction on the AMD64 and Intel EM64T\narchitecture was discovered. A local user could use this flaw to write\nto privileged IO ports. (CVE-2005-0204)\n\nThe Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not\nproperly check the DMA lock, which could allow remote attackers or\nlocal users to cause a denial of service (X Server crash) or possibly\nmodify the video output. (CVE-2004-1056)\n\nOGAWA Hirofumi discovered incorrect tables sizes being used in the\nfilesystem Native Language Support ASCII translation table. This could\nlead to a denial of service (system crash). (CVE-2005-0177)\n\nMichael Kerrisk discovered a flaw in the 2.6.9 kernel which allows\nusers to unlock arbitrary shared memory segments. This flaw could lead\nto applications not behaving as expected. (CVE-2005-0176)\n\nImprovements in the POSIX signal and tty standards compliance exposed\na race condition. This flaw can be triggered accidentally by threaded\napplications or deliberately by a malicious user and can result in a\ndenial of service (crash) or in occasional cases give access to a\nsmall random chunk of kernel memory. (CVE-2005-0178)\n\nThe PaX team discovered a flaw in mlockall introduced in the 2.6.9\nkernel. An unprivileged user could use this flaw to cause a denial of\nservice (CPU and memory consumption or crash). (CVE-2005-0179)\n\nBrad Spengler discovered multiple flaws in sg_scsi_ioctl in the 2.6\nkernel. An unprivileged user may be able to use this flaw to cause a\ndenial of service (crash) or possibly other actions. (CVE-2005-0180)\n\nKirill Korotaev discovered a missing access check regression in the\nRed Hat Enterprise Linux 4 kernel 4GB/4GB split patch. On systems\nusing the hugemem kernel, a local unprivileged user could use this\nflaw to cause a denial of service (crash). 
(CVE-2005-0090)\n\nA flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch\ncan allow syscalls to read and write arbitrary kernel memory. On\nsystems using the hugemem kernel, a local unprivileged user could use\nthis flaw to gain privileges. (CVE-2005-0091)\n\nAn additional flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB\nsplit patch was discovered. On x86 systems using the hugemem kernel, a\nlocal unprivileged user may be able to use this flaw to cause a denial\nof service (crash). (CVE-2005-0092)\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2005-092.NASL", "href": "https://www.tenable.com/plugins/nessus/17183", "published": "2005-02-22T00:00:00", "title": "RHEL 4 : kernel (RHSA-2005:092)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:092. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17183);\n script_version (\"1.27\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2004-1056\", \"CVE-2004-1137\", \"CVE-2004-1235\", \"CVE-2005-0001\", \"CVE-2005-0090\", \"CVE-2005-0091\", \"CVE-2005-0092\", \"CVE-2005-0176\", \"CVE-2005-0177\", \"CVE-2005-0178\", \"CVE-2005-0179\", \"CVE-2005-0180\", \"CVE-2005-0204\");\n script_xref(name:\"RHSA\", value:\"2005:092\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2005:092)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThis advisory includes fixes for several security issues :\n\niSEC Security Research discovered multiple vulnerabilities in the IGMP\nfunctionality. These flaws could allow a local user to cause a denial\nof service (crash) or potentially gain privileges. Where multicast\napplications are being used on a system, these flaws may also allow\nremote users to cause a denial of service. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2004-1137 to this issue.\n\niSEC Security Research discovered a flaw in the page fault handler\ncode that could lead to local users gaining elevated (root) privileges\non multiprocessor machines. (CVE-2005-0001)\n\niSEC Security Research discovered a VMA handling flaw in the uselib(2)\nsystem call of the Linux kernel. 
A local user could make use of this\nflaw to gain elevated (root) privileges. (CVE-2004-1235)\n\nA flaw affecting the OUTS instruction on the AMD64 and Intel EM64T\narchitecture was discovered. A local user could use this flaw to write\nto privileged IO ports. (CVE-2005-0204)\n\nThe Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not\nproperly check the DMA lock, which could allow remote attackers or\nlocal users to cause a denial of service (X Server crash) or possibly\nmodify the video output. (CVE-2004-1056)\n\nOGAWA Hirofumi discovered incorrect tables sizes being used in the\nfilesystem Native Language Support ASCII translation table. This could\nlead to a denial of service (system crash). (CVE-2005-0177)\n\nMichael Kerrisk discovered a flaw in the 2.6.9 kernel which allows\nusers to unlock arbitrary shared memory segments. This flaw could lead\nto applications not behaving as expected. (CVE-2005-0176)\n\nImprovements in the POSIX signal and tty standards compliance exposed\na race condition. This flaw can be triggered accidentally by threaded\napplications or deliberately by a malicious user and can result in a\ndenial of service (crash) or in occasional cases give access to a\nsmall random chunk of kernel memory. (CVE-2005-0178)\n\nThe PaX team discovered a flaw in mlockall introduced in the 2.6.9\nkernel. An unprivileged user could use this flaw to cause a denial of\nservice (CPU and memory consumption or crash). (CVE-2005-0179)\n\nBrad Spengler discovered multiple flaws in sg_scsi_ioctl in the 2.6\nkernel. An unprivileged user may be able to use this flaw to cause a\ndenial of service (crash) or possibly other actions. (CVE-2005-0180)\n\nKirill Korotaev discovered a missing access check regression in the\nRed Hat Enterprise Linux 4 kernel 4GB/4GB split patch. On systems\nusing the hugemem kernel, a local unprivileged user could use this\nflaw to cause a denial of service (crash). 
(CVE-2005-0090)\n\nA flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch\ncan allow syscalls to read and write arbitrary kernel memory. On\nsystems using the hugemem kernel, a local unprivileged user could use\nthis flaw to gain privileges. (CVE-2005-0091)\n\nAn additional flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB\nsplit patch was discovered. On x86 systems using the hugemem kernel, a\nlocal unprivileged user may be able to use this flaw to cause a denial\nof service (crash). (CVE-2005-0092)\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2005-0179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0204\"\n );\n # http://www.isec.pl/vulnerabilities/isec-0018-igmp.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://isec.pl/en/vulnerabilities/isec-0018-igmp.txt\"\n );\n # http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://isec.pl/en/vulnerabilities/isec-0021-uselib.txt\"\n );\n # http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://isec.pl/en/vulnerabilities/isec-0022-pagefault.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:092\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2004-1056\", \"CVE-2004-1137\", \"CVE-2004-1235\", \"CVE-2005-0001\", \"CVE-2005-0090\", \"CVE-2005-0091\", \"CVE-2005-0092\", \"CVE-2005-0176\", \"CVE-2005-0177\", \"CVE-2005-0178\", \"CVE-2005-0179\", \"CVE-2005-0180\", \"CVE-2005-0204\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2005:092\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:092\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-5.0.3.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-5.0.3.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-5.0.3.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-5.0.3.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-5.0.3.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-5.0.3.EL\")) 
flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-5.0.3.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-5.0.3.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-5.0.3.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:19", "bulletinFamily": "unix", "description": "The Linux kernel handles the basic functions of the operating system.\n\nThis advisory includes fixes for several security issues:\n\niSEC Security Research discovered multiple vulnerabilities in the IGMP\nfunctionality. These flaws could allow a local user to cause a denial of\nservice (crash) or potentially gain privileges. Where multicast\napplications are being used on a system, these flaws may also allow remote\nusers to cause a denial of service. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1137 to\nthis issue.\n\niSEC Security Research discovered a flaw in the page fault handler code\nthat could lead to local users gaining elevated (root) privileges on\nmultiprocessor machines. (CAN-2005-0001)\n\niSEC Security Research discovered a VMA handling flaw in the uselib(2)\nsystem call of the Linux kernel. A local user could make use of this\nflaw to gain elevated (root) privileges. (CAN-2004-1235)\n\nA flaw affecting the OUTS instruction on the AMD64 and Intel EM64T\narchitecture was discovered. A local user could use this flaw to write to\nprivileged IO ports. 
(CAN-2005-0204)\n\nThe Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not\nproperly check the DMA lock, which could allow remote attackers or local\nusers to cause a denial of service (X Server crash) or possibly modify the\nvideo output. (CAN-2004-1056)\n\nOGAWA Hirofumi discovered incorrect tables sizes being used in the\nfilesystem Native Language Support ASCII translation table. This could\nlead to a denial of service (system crash). (CAN-2005-0177)\n\nMichael Kerrisk discovered a flaw in the 2.6.9 kernel which allows users to\nunlock arbitrary shared memory segments. This flaw could lead to\napplications not behaving as expected. (CAN-2005-0176)\n\nImprovements in the POSIX signal and tty standards compliance exposed\na race condition. This flaw can be triggered accidentally by threaded\napplications or deliberately by a malicious user and can result in a\ndenial of service (crash) or in occasional cases give access to a small\nrandom chunk of kernel memory. (CAN-2005-0178)\n\nThe PaX team discovered a flaw in mlockall introduced in the 2.6.9 kernel.\nAn unprivileged user could use this flaw to cause a denial of service\n(CPU and memory consumption or crash). (CAN-2005-0179)\n\nBrad Spengler discovered multiple flaws in sg_scsi_ioctl in the 2.6 kernel.\nAn unprivileged user may be able to use this flaw to cause a denial of\nservice (crash) or possibly other actions. (CAN-2005-0180)\n\nKirill Korotaev discovered a missing access check regression in the Red Hat\nEnterprise Linux 4 kernel 4GB/4GB split patch. On systems using the\nhugemem kernel, a local unprivileged user could use this flaw to cause a\ndenial of service (crash). (CAN-2005-0090)\n\nA flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch can\nallow syscalls to read and write arbitrary kernel memory. On systems using\nthe hugemem kernel, a local unprivileged user could use this flaw to gain\nprivileges. 
(CAN-2005-0091)\n\nAn additional flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split\npatch was discovered. On x86 systems using the hugemem kernel, a local\nunprivileged user may be able to use this flaw to cause a denial of service\n(crash). (CAN-2005-0092)\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.", "modified": "2017-09-08T12:17:45", "published": "2005-02-18T05:00:00", "id": "RHSA-2005:092", "href": "https://access.redhat.com/errata/RHSA-2005:092", "type": "redhat", "title": "(RHSA-2005:092) kernel security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}