SB2005021501 - Information exposure in Linux kernel
Published: February 15, 2005
Description
This security bulletin contains information about 1 security vulnerability.
1) Information exposure (CVE-ID: CVE-2005-0176)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes. The unlocked memory could then be swapped to disk, where other users could read it once it has been released.
Remediation
Install the update from the vendor's website.
References
- ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- http://marc.info/?l=full-disclosure&m=110846102231365&w=2
- http://secunia.com/advisories/19607
- http://www.redhat.com/support/errata/RHSA-2005-092.html
- http://www.redhat.com/support/errata/RHSA-2005-472.html
- http://www.securityfocus.com/bid/12598
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1225
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8778