CVE-2005-0001

Sažetak

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

Reference

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
http://marc.info/?l=bugtraq&m=110554694522719&w=2
http://marc.info/?l=bugtraq&m=110581146702951&w=2
http://secunia.com/advisories/13822
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
http://securitytracker.com/id?1012862
http://www.debian.org/security/2006/dsa-1067
http://www.debian.org/security/2006/dsa-1069
http://www.debian.org/security/2006/dsa-1070
http://www.debian.org/security/2006/dsa-1082
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.redhat.com/support/errata/RHSA-2005-016.html
http://www.redhat.com/support/errata/RHSA-2005-017.html
http://www.redhat.com/support/errata/RHSA-2005-043.html
http://www.redhat.com/support/errata/RHSA-2005-092.html
http://www.securityfocus.com/bid/12244
http://www.trustix.org/errata/2005/0001/
https://bugzilla.fedora.us/show_bug.cgi?id=2336
https://exchange.xforce.ibmcloud.com/vulnerabilities/18849
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

02-05-2005 - 04:00