Memory corruption in Linux kernel - CVE-2005-0504
Published: March 14, 2005 / Updated: October 11, 2017
Vulnerability identifier: #VU95770
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2005-0504
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to read and manipulate data.
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
How to mitigate CVE-2005-0504
Install update from vendor's repository.
Sources
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
- http://secunia.com/advisories/17002
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://secunia.com/advisories/26651
- http://secunia.com/advisories/30112
- http://securitytracker.com/id?1013273
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.redhat.com/support/errata/RHSA-2005-529.html
- http://www.redhat.com/support/errata/RHSA-2005-551.html
- http://www.redhat.com/support/errata/RHSA-2005-663.html
- http://www.redhat.com/support/errata/RHSA-2008-0237.html
- http://www.securityfocus.com/bid/12195
- http://www.ubuntu.com/usn/usn-508-1
- http://www.vupen.com/english/advisories/2005/1878
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9770