SB2005071101 - Race condition in Linux kernel
Published: July 11, 2005
Security Bulletin ID
SB2005071101
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2005-1768)
The vulnerability allows a local user to read and manipulate data.
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
Remediation
Install update from vendor's website.
References
- ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
- http://marc.info/?l=bugtraq&m=112110120216116&w=2
- http://secunia.com/advisories/15980
- http://secunia.com/advisories/17002
- http://secunia.com/advisories/18059
- http://secunia.com/advisories/19185
- http://secunia.com/advisories/19607
- http://securitytracker.com/id?1014442
- http://www.debian.org/security/2005/dsa-921
- http://www.novell.com/linux/security/advisories/2005_44_kernel.html
- http://www.redhat.com/support/errata/RHSA-2005-551.html
- http://www.redhat.com/support/errata/RHSA-2005-663.html
- http://www.securityfocus.com/bid/14205
- http://www.suresec.org/advisories/adv4.pdf
- http://www.vupen.com/english/advisories/2005/1878
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11117