|
Linux Kernel Local DoS and Memory Content Disclosure Vulnerabilities
|
|
Secunia Advisory:
|
SA13308
|
|
|
Release Date:
|
2004-11-25
|
|
Last Update:
|
2005-01-19
|
|
Popularity:
|
13,292 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Unpatched
|
|
| OS: | Linux Kernel 2.4.x
Linux Kernel 2.6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2004-1074
CVE-2005-0003
|
|
Description:
Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain knowledge of potentially sensitive information.
1) An unspecified error can be exploited via a specially crafted a.out binary to cause a DoS. A variant also affects the 64-bit ELF support.
2) A race condition within the memory management can be exploited to disclose the content of random physical memory pages.
Solution:
Secunia is currently not aware of updated versions of the Linux Kernel fixing these vulnerabilities.
Grant only trusted users access to affected systems.
Provided and/or discovered by:
First reported in a SUSE advisory.
Changelog:
2004-12-01: Added CVE reference.
2005-01-19: Added information about variant and added CVE reference.
Original Advisory:
http://www.suse.de/de/security/2004_01_sr.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
