Buffer overflow in Linux kernel - CVE-2005-2490

Detailed vulnerability description

The vulnerability allows a local user to read and manipulate data.

Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread.

How to mitigate CVE-2005-2490

Sources

• http://marc.info/?l=bugtraq&m=112690609622266&w=2
• http://secunia.com/advisories/16747/
• http://secunia.com/advisories/17002
• http://secunia.com/advisories/17073
• http://secunia.com/advisories/17826
• http://secunia.com/advisories/17918
• http://secunia.com/advisories/19374
• http://www.debian.org/security/2006/dsa-1017
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
• http://www.redhat.com/support/errata/RHSA-2005-514.html
• http://www.redhat.com/support/errata/RHSA-2005-663.html
• http://www.securityfocus.com/archive/1/419522/100/0/threaded
• http://www.securityfocus.com/archive/1/427980/100/0/threaded
• http://www.securityfocus.com/archive/1/428028/100/0/threaded
• http://www.securityfocus.com/archive/1/428058/100/0/threaded
• http://www.securityfocus.com/bid/14785
• http://www.ubuntu.com/usn/usn-178-1
• http://www.vupen.com/english/advisories/2005/1878
• https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248
• https://exchange.xforce.ibmcloud.com/vulnerabilities/22217
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10481