Race condition in Linux kernel - CVE-2005-1768
Published: July 11, 2005 / Updated: October 11, 2017
Vulnerability identifier: #VU95472
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2005-1768
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to read and manipulate data.
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
How to mitigate CVE-2005-1768
Install update from vendor's repository.
Sources
- ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
- http://marc.info/?l=bugtraq&m=112110120216116&w=2
- http://secunia.com/advisories/15980
- http://secunia.com/advisories/17002
- http://secunia.com/advisories/18059
- http://secunia.com/advisories/19185
- http://secunia.com/advisories/19607
- http://securitytracker.com/id?1014442
- http://www.debian.org/security/2005/dsa-921
- http://www.novell.com/linux/security/advisories/2005_44_kernel.html
- http://www.redhat.com/support/errata/RHSA-2005-551.html
- http://www.redhat.com/support/errata/RHSA-2005-663.html
- http://www.securityfocus.com/bid/14205
- http://www.suresec.org/advisories/adv4.pdf
- http://www.vupen.com/english/advisories/2005/1878
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11117