CVE-2005-0003

Current Description

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

Basic Data

PublishedApril 14, 2005
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score2.1
SeverityLOW
Exploitability Score3.9
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAvayaMn100********
    2.3ApplicationAvayaNetwork Routing********
    2.3HardwareAvayaConverged Communications Server2.0*******
    2.3HardwareAvayaS8710r2.0.0*******
    2.3HardwareAvayaS8710r2.0.1*******
    2.3OSAvayaModular Messaging Message Storage Server1.1*******
    2.3OSAvayaModular Messaging Message Storage Server2.0*******
    2.3OSLinuxLinux Kernel2.4.0*******
    2.3OSLinuxLinux Kernel2.4.0test1******
    2.3OSLinuxLinux Kernel2.4.0test10******
    2.3OSLinuxLinux Kernel2.4.0test11******
    2.3OSLinuxLinux Kernel2.4.0test12******
    2.3OSLinuxLinux Kernel2.4.0test2******
    2.3OSLinuxLinux Kernel2.4.0test3******
    2.3OSLinuxLinux Kernel2.4.0test4******
    2.3OSLinuxLinux Kernel2.4.0test5******
    2.3OSLinuxLinux Kernel2.4.0test6******
    2.3OSLinuxLinux Kernel2.4.0test7******
    2.3OSLinuxLinux Kernel2.4.0test8******
    2.3OSLinuxLinux Kernel2.4.0test9******
    2.3OSLinuxLinux Kernel2.4.1*******
    2.3OSLinuxLinux Kernel2.4.2*******
    2.3OSLinuxLinux Kernel2.4.3*******
    2.3OSLinuxLinux Kernel2.4.4*******
    2.3OSLinuxLinux Kernel2.4.5*******
    2.3OSLinuxLinux Kernel2.4.6*******
    2.3OSLinuxLinux Kernel2.4.7*******
    2.3OSLinuxLinux Kernel2.4.8*******
    2.3OSLinuxLinux Kernel2.4.9*******
    2.3OSLinuxLinux Kernel2.4.10*******
    2.3OSLinuxLinux Kernel2.4.11*******
    2.3OSLinuxLinux Kernel2.4.12*******
    2.3OSLinuxLinux Kernel2.4.13*******
    2.3OSLinuxLinux Kernel2.4.14*******
    2.3OSLinuxLinux Kernel2.4.15*******
    2.3OSLinuxLinux Kernel2.4.16*******
    2.3OSLinuxLinux Kernel2.4.17*******
    2.3OSLinuxLinux Kernel2.4.18*******
    2.3OSLinuxLinux Kernel2.4.18*x86*****
    2.3OSLinuxLinux Kernel2.4.18pre1******
    2.3OSLinuxLinux Kernel2.4.18pre2******
    2.3OSLinuxLinux Kernel2.4.18pre3******
    2.3OSLinuxLinux Kernel2.4.18pre4******
    2.3OSLinuxLinux Kernel2.4.18pre5******
    2.3OSLinuxLinux Kernel2.4.18pre6******
    2.3OSLinuxLinux Kernel2.4.18pre7******
    2.3OSLinuxLinux Kernel2.4.18pre8******
    2.3OSLinuxLinux Kernel2.4.19*******
    2.3OSLinuxLinux Kernel2.4.19pre1******
    2.3OSLinuxLinux Kernel2.4.19pre2******
    2.3OSLinuxLinux Kernel2.4.19pre3******
    2.3OSLinuxLinux Kernel2.4.19pre4******
    2.3OSLinuxLinux Kernel2.4.19pre5******
    2.3OSLinuxLinux Kernel2.4.19pre6******
    2.3OSLinuxLinux Kernel2.4.20*******
    2.3OSLinuxLinux Kernel2.4.21*******
    2.3OSLinuxLinux Kernel2.4.21pre1******
    2.3OSLinuxLinux Kernel2.4.21pre4******
    2.3OSLinuxLinux Kernel2.4.21pre7******
    2.3OSLinuxLinux Kernel2.4.22*******
    2.3OSLinuxLinux Kernel2.4.23*******
    2.3OSLinuxLinux Kernel2.4.23pre9******
    2.3OSLinuxLinux Kernel2.4.23_ow2*******
    2.3OSLinuxLinux Kernel2.4.24*******
    2.3OSLinuxLinux Kernel2.4.24_ow1*******
    2.3OSLinuxLinux Kernel2.4.25*******
    2.3OSLinuxLinux Kernel2.4.26*******
    2.3OSLinuxLinux Kernel2.4.27*******
    2.3OSLinuxLinux Kernel2.4.27pre1******
    2.3OSLinuxLinux Kernel2.4.27pre2******
    2.3OSLinuxLinux Kernel2.4.27pre3******
    2.3OSLinuxLinux Kernel2.4.27pre4******
    2.3OSLinuxLinux Kernel2.4.27pre5******
    2.3OSLinuxLinux Kernel2.4.28*******
    2.3OSLinuxLinux Kernel2.4.29rc1******
    2.3OSLinuxLinux Kernel2.4.29rc2******
    2.3OSMandrakesoftMandrake Linux9.2*******
    2.3OSMandrakesoftMandrake Linux9.2*amd64*****
    2.3OSMandrakesoftMandrake Linux10.0*******
    2.3OSMandrakesoftMandrake Linux10.0*amd64*****
    2.3OSMandrakesoftMandrake Linux10.1*******
    2.3OSMandrakesoftMandrake Linux10.1*x86_64*****
    2.3OSMandrakesoftMandrake Linux Corporate Server2.1*******
    2.3OSMandrakesoftMandrake Linux Corporate Server2.1*x86_64*****
    2.3OSMandrakesoftMandrake Linux Corporate Server3.0*******
    2.3OSRedhatEnterprise Linux3.0*advanced_servers*****
    2.3OSRedhatEnterprise Linux3.0*enterprise_server*****
    2.3OSRedhatEnterprise Linux3.0*workstation*****
    2.3OSRedhatEnterprise Linux Desktop3.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAvayaIntuity Audix**lx*****
    2.3ApplicationMandrakesoftMandrake Multi Network Firewall8.2*******
    2.3HardwareAvayaS8300r2.0.0*******
    2.3HardwareAvayaS8300r2.0.1*******
    2.3HardwareAvayaS8500r2.0.0*******
    2.3HardwareAvayaS8500r2.0.1*******
    2.3HardwareAvayaS8700r2.0.0*******
    2.3HardwareAvayaS8700r2.0.1*******

Vulnerable Software List

VendorProductVersions
Avaya Mn100 *
Avaya S8300 r2.0.0, r2.0.1
Avaya Network Routing *
Avaya S8710 r2.0.0, r2.0.1
Avaya Intuity Audix *
Avaya S8500 r2.0.0, r2.0.1
Avaya S8700 r2.0.0, r2.0.1
Avaya Modular Messaging Message Storage Server 1.1, 2.0
Avaya Converged Communications Server 2.0
Redhat Enterprise Linux 3.0
Redhat Enterprise Linux Desktop 3.0
Mandrakesoft Mandrake Multi Network Firewall 8.2
Mandrakesoft Mandrake Linux 10.0, 10.1, 9.2
Mandrakesoft Mandrake Linux Corporate Server 2.1, 3.0
Linux Linux Kernel 2.4.0, 2.4.1, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.2, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.23_ow2, 2.4.24, 2.4.24_ow1, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9

References

NameSourceURLTags
http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3twhttp://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3twCONFIRM
http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmghttp://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmgMISC
20163http://secunia.com/advisories/20163SECUNIA
20202http://secunia.com/advisories/20202SECUNIA
20338http://secunia.com/advisories/20338SECUNIA
1012885http://securitytracker.com/id?1012885SECTRACK
DSA-1067http://www.debian.org/security/2006/dsa-1067DEBIAN
DSA-1069http://www.debian.org/security/2006/dsa-1069DEBIAN
DSA-1070http://www.debian.org/security/2006/dsa-1070DEBIAN
DSA-1082http://www.debian.org/security/2006/dsa-1082DEBIAN
MDKSA-2005:022http://www.mandriva.com/security/advisories?name=MDKSA-2005:022MANDRAKE
SUSE-SA:2005:018http://www.novell.com/linux/security/advisories/2005_18_kernel.htmlSUSE
RHSA-2005:017http://www.redhat.com/support/errata/RHSA-2005-017.htmlREDHAT
RHSA-2005:043http://www.redhat.com/support/errata/RHSA-2005-043.htmlREDHATPatch Vendor Advisory
12261http://www.securityfocus.com/bid/12261BIDPatch Vendor Advisory
2005-0001http://www.trustix.org/errata/2005/0001/TRUSTIX
linux-vma-gain-privileges(18886)https://exchange.xforce.ibmcloud.com/vulnerabilities/18886XF
oval:org.mitre.oval:def:9512https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9512OVAL