#VU94808 Improper input validation in Linux kernel - CVE-2005-1762
Vulnerability identifier: #VU94808
Vulnerability risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2005-1762
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform service disruption.
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a 'non-canonical' address.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://secunia.com/advisories/15786
https://secunia.com/advisories/17002
https://secunia.com/advisories/17073
https://secunia.com/advisories/18056
https://secunia.com/advisories/18059
https://www.debian.org/security/2005/dsa-921
https://www.debian.org/security/2005/dsa-922
https://www.novell.com/linux/security/advisories/2005_29_kernel.html
https://www.redhat.com/support/errata/RHSA-2005-514.html
https://www.redhat.com/support/errata/RHSA-2005-663.html
https://www.securityfocus.com/archive/1/427980/100/0/threaded
https://www.securityfocus.com/archive/1/428058/100/0/threaded
https://www.securityfocus.com/bid/13904
https://www.vupen.com/english/advisories/2005/1878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10630
https://usn.ubuntu.com/143-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
