Lucene search

Veracode Vulnerability DatabaseVERACODE:23750

HistoryApr 10, 2020 - 12:35 a.m.

Denial Of Service (DoS)

2020-04-1000:35:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

The kernel is vulnerable to denial of service (DoS).The ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.

CPENameOperatorVersion
kerneleq2.6.18__8.1.15.el5
kerneleq2.6.18__53.1.21.el5
kerneleq2.6.18__128.1.1.el5
kerneleq2.6.18__8.1.1.el5
kerneleq2.6.18__92.1.18.el5
kerneleq2.6.18__8.1.8.el5
kerneleq2.6.18__53.1.14.el5
kerneleq2.6.18__53.1.19.el5
kerneleq2.6.18__92.1.22.el5
kerneleq2.6.18__92.1.10.el5

Name	Operator	Version
kernel	eq	2.6.18__8.1.15.el5
kernel	eq	2.6.18__53.1.21.el5
kernel	eq	2.6.18__128.1.1.el5
kernel	eq	2.6.18__8.1.1.el5
kernel	eq	2.6.18__92.1.18.el5
kernel	eq	2.6.18__8.1.8.el5
kernel	eq	2.6.18__53.1.14.el5
kernel	eq	2.6.18__53.1.19.el5
kernel	eq	2.6.18__92.1.22.el5
kernel	eq	2.6.18__92.1.10.el5

Rows per page:

1-10 of 901

References

blog.cr0.org/2009/06/bypassing-linux-null-pointer.html

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6

patchwork.kernel.org/patch/32598/

secunia.com/advisories/35801

secunia.com/advisories/36045

secunia.com/advisories/36051

secunia.com/advisories/36054

secunia.com/advisories/36116

secunia.com/advisories/36131

secunia.com/advisories/36759

secunia.com/advisories/37471

wiki.rpath.com/Advisories:rPSA-2009-0111

www.debian.org/security/2009/dsa-1844

www.debian.org/security/2009/dsa-1845

www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc3

www.mandriva.com/security/advisories?name=MDVSA-2011:051

www.osvdb.org/55807

www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html#RHSA-2009-1193

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2009-1193.html

www.redhat.com/support/errata/RHSA-2009-1438.html

www.securityfocus.com/archive/1/505254/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/archive/1/512019/100/0/threaded

www.securityfocus.com/bid/35647

www.ubuntu.com/usn/usn-807-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1866

www.vupen.com/english/advisories/2009/3316

access.redhat.com/errata/RHSA-2009:1193

bugs.launchpad.net/bugs/cve/2009-1895

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453

rhn.redhat.com/errata/RHSA-2009-1540.html

rhn.redhat.com/errata/RHSA-2009-1550.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:23750