LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2005-3356 CVE-2005-4605 CVE-2005-4618 CVE-2005-4639 CVE-2006-0095 CVE-2006-0096
Created:January 18, 2006 Updated:March 7, 2006
Description: The latest set of kernel vulnerabilities includes:

  • A reference counting bug in sys_mq_open(), exploitable by a local user to crash the kernel. (CVE-2005-3356)

  • A misuse of signed data types in /proc, potentially providing read access to random kernel memory. (CVE-2005-4605)

  • An off-by-one error in sysctl(), with the potential for arbitrary code execution. (CVE-2005-4618)

  • A buffer overflow in the TwinHan DST Frontend/Card DVB driver; potential code execution. (CVE-2005-4639)

  • A potential key disclosure in dm-crypt. (CVE-2006-0095)

  • Missing capability check could (maybe) allow arbitrary users to load new firmware into SDLA WAN cards. (CVE-2006-0096)
Alerts:
Red Hat RHSA-2006:0132-01 2006-03-07
Trustix TSLSA-2006-0004 2006-01-27
Ubuntu USN-244-1 2006-01-18
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds