Denial Of Service (DoS)

2020-04-1000:39:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

The kernel package is vulnerable to denial of service (DoS). The RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have “/proc/sys/fs/suid_dumpable” set to 2 (the default value is 0).

CPENameOperatorVersion
kerneleq2.6.18__8.1.14.el5
kerneleq2.6.18__92.1.17.el5
kerneleq2.6.18__128.1.14.el5
kerneleq2.6.18__164.el5
kerneleq2.6.18__92.1.22.el5
kerneleq2.6.18__164.10.1.el5
kerneleq2.6.18__8.1.8.el5
kerneleq2.6.18__53.1.4.el5
kerneleq2.6.18__164.6.1.el5
kerneleq2.6.18__8.1.3.lspp.81.el5

Name	Operator	Version
kernel	eq	2.6.18__8.1.14.el5
kernel	eq	2.6.18__92.1.17.el5
kernel	eq	2.6.18__128.1.14.el5
kernel	eq	2.6.18__164.el5
kernel	eq	2.6.18__92.1.22.el5
kernel	eq	2.6.18__164.10.1.el5
kernel	eq	2.6.18__8.1.8.el5
kernel	eq	2.6.18__53.1.4.el5
kernel	eq	2.6.18__164.6.1.el5
kernel	eq	2.6.18__8.1.3.lspp.81.el5