SB2005031401 - Memory corruption in Linux kernel
Published: March 14, 2005
Security Bulletin ID
SB2005031401
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2005-0504)
The vulnerability allows a local user to read and manipulate data.
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
Remediation
Install update from vendor's website.
References
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
- http://secunia.com/advisories/17002
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://secunia.com/advisories/26651
- http://secunia.com/advisories/30112
- http://securitytracker.com/id?1013273
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.redhat.com/support/errata/RHSA-2005-529.html
- http://www.redhat.com/support/errata/RHSA-2005-551.html
- http://www.redhat.com/support/errata/RHSA-2005-663.html
- http://www.redhat.com/support/errata/RHSA-2008-0237.html
- http://www.securityfocus.com/bid/12195
- http://www.ubuntu.com/usn/usn-508-1
- http://www.vupen.com/english/advisories/2005/1878
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9770