| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2005-4811 |
|
|
DoS |
2005-12-31 |
2010-08-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function. |
|
2 |
CVE-2005-4798 |
|
|
DoS Overflow |
2005-12-31 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client. |
|
3 |
CVE-2005-4639 |
|
|
DoS Exec Code Overflow |
2005-12-31 |
2009-11-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes into an 8 byte long array". |
|
4 |
CVE-2005-4635 |
|
|
DoS |
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages. |
|
5 |
CVE-2005-4618 |
|
|
DoS Overflow |
2005-12-31 |
2009-11-12 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified. |
|
6 |
CVE-2005-4605 |
|
|
|
2005-12-31 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value. |
|
7 |
CVE-2005-4352 |
|
|
Bypass |
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." |
|
8 |
CVE-2005-4351 |
|
|
Bypass |
2005-12-31 |
2008-09-05 |
4.3 |
None |
Local |
Low |
Single system |
Partial |
Partial |
Partial |
|
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. |
|
9 |
CVE-2005-3858 |
|
|
DoS |
2005-11-27 |
2010-08-21 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed. |
|
10 |
CVE-2005-3857 |
399 |
|
DoS |
2005-11-27 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function. |
|
11 |
CVE-2005-3848 |
|
|
DoS |
2005-11-26 |
2010-08-21 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply." |
|
12 |
CVE-2005-3847 |
|
|
DoS |
2005-11-26 |
2008-09-05 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump. |
|
13 |
CVE-2005-3810 |
|
|
DoS |
2005-11-25 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference. |
|
14 |
CVE-2005-3809 |
|
|
DoS |
2005-11-25 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference. |
|
15 |
CVE-2005-3808 |
|
|
DoS Overflow |
2005-11-25 |
2010-04-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system. |
|
16 |
CVE-2005-3807 |
|
|
DoS |
2005-11-25 |
2008-09-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function. |
|
17 |
CVE-2005-3806 |
|
|
DoS |
2005-11-25 |
2010-08-21 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory. |
|
18 |
CVE-2005-3805 |
|
|
DoS |
2005-11-25 |
2010-04-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers. |
|
19 |
CVE-2005-3784 |
399 |
|
DoS +Priv |
2005-11-23 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges. |
|
20 |
CVE-2005-3783 |
|
|
DoS |
2005-11-23 |
2010-04-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash). |
|
21 |
CVE-2005-3753 |
|
|
DoS |
2005-11-22 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker. |
|
22 |
CVE-2005-3660 |
|
|
DoS |
2005-12-22 |
2008-09-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference. |
|
23 |
CVE-2005-3623 |
|
|
Bypass |
2005-12-31 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems. |
|
24 |
CVE-2005-3527 |
|
|
DoS |
2005-11-08 |
2010-04-02 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in one thread while another thread has a pending SIGSTOP. |
|
25 |
CVE-2005-3359 |
|
|
DoS |
2005-12-31 |
2010-08-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules. |
|
26 |
CVE-2005-3358 |
|
|
DoS |
2005-12-14 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs. |
|
27 |
CVE-2005-3356 |
|
|
DoS |
2005-12-31 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors. |
|
28 |
CVE-2005-3276 |
|
|
+Info |
2005-10-20 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information. |
|
29 |
CVE-2005-3275 |
|
|
DoS Mem. Corr. |
2005-10-20 |
2010-08-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption. |
|
30 |
CVE-2005-3274 |
|
|
DoS |
2005-10-20 |
2010-08-21 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. |
|
31 |
CVE-2005-3273 |
264 |
|
|
2005-10-20 |
2012-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats. |
|
32 |
CVE-2005-3272 |
|
|
|
2005-10-20 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets. |
|
33 |
CVE-2005-3271 |
|
|
DoS |
2005-10-20 |
2010-04-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user. |
|
34 |
CVE-2005-3257 |
264 |
|
+Priv |
2005-10-18 |
2012-03-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys. |
|
35 |
CVE-2005-3181 |
399 |
|
DoS |
2005-10-12 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). |
|
36 |
CVE-2005-3180 |
|
|
+Info |
2005-10-12 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. |
|
37 |
CVE-2005-3179 |
|
|
+Info |
2005-10-12 |
2010-04-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information. |
|
38 |
CVE-2005-3119 |
399 |
|
DoS |
2005-10-12 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys. |
|
39 |
CVE-2005-3110 |
|
|
DoS |
2005-09-30 |
2010-08-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked. |
|
40 |
CVE-2005-3109 |
|
|
DoS |
2005-09-30 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus. |
|
41 |
CVE-2005-3108 |
|
|
DoS +Info |
2005-09-30 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist. |
|
42 |
CVE-2005-3107 |
|
|
DoS |
2005-09-30 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state. |
|
43 |
CVE-2005-3106 |
|
|
DoS |
2005-09-30 |
2010-08-21 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. |
|
44 |
CVE-2005-3105 |
|
|
DoS |
2005-09-30 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. |
|
45 |
CVE-2005-3055 |
|
|
DoS |
2005-09-26 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. |
|
46 |
CVE-2005-3053 |
|
|
DoS |
2005-09-26 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. |
|
47 |
CVE-2005-3044 |
|
|
DoS |
2005-09-22 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems. |
|
48 |
CVE-2005-2973 |
|
|
DoS |
2005-10-27 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash). |
|
49 |
CVE-2005-2873 |
|
|
|
2005-09-09 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872. |
|
50 |
CVE-2005-2872 |
|
|
DoS |
2005-09-09 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873. |
