SB2005123111 - Security features in Linux kernel
Published: December 31, 2005
Security Bulletin ID
SB2005123111
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security features (CVE-ID: CVE-2005-4352)
The vulnerability allows a local user to corrupt data.
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka 'settimeofday() time wrap.'
Remediation
Install update from vendor's website.
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html
- http://secunia.com/advisories/25691
- http://securitytracker.com/id?1015454
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
- http://www.securityfocus.com/archive/1/421426/100/0/threaded
- http://www.securityfocus.com/archive/1/471457
- http://www.securityfocus.com/bid/16170
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24036