Vulnerabilities > CVE-2005-0815 - ISO9660 Filesystem Handling vulnerability in Linux Kernel

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
linux
nessus
exploit available

Summary

Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.

Vulnerable Configurations

Part Description Count
OS
Linux
247

Exploit-Db

descriptionLinux Kernel 2.4.x/2.6.x Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities. CVE-2005-0815. Local exploit for linux platform
idEDB-ID:25234
last seen2016-02-03
modified2005-03-17
published2005-03-17
reporterMichal Zalewski
sourcehttps://www.exploit-db.com/download/25234/
titleLinux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-366.NASL
    descriptionUpdated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 9 August 2005] The advisory text has been updated to show that this update fixed the security issue named CVE-2005-0210 but not CVE-2005-0209. The issue CVE-2005-0209 was actually fixed by RHSA-2005:420. No changes have been made to the packages associated with this advisory. The Linux kernel handles the basic functions of the operating system. A flaw in the fib_seq_start function was discovered. A local user could use this flaw to cause a denial of service (system crash) via /proc/net/route. (CVE-2005-1041) A flaw in the tmpfs file system was discovered. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0977) An integer overflow flaw was found when writing to a sysfs file. A local user could use this flaw to overwrite kernel memory, causing a denial of service (system crash) or arbitrary code execution. (CVE-2005-0867) Keith Owens reported a flaw in the Itanium unw_unwind_to_user function. A local user could use this flaw to cause a denial of service (system crash) on Itanium architectures. (CVE-2005-0135) A flaw in the NFS client O_DIRECT error case handling was discovered. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0207) A small memory leak when defragmenting local packets was discovered that affected the Linux 2.6 kernel netfilter subsystem. A local user could send a large number of carefully crafted fragments leading to memory exhaustion (CVE-2005-0210) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384) A flaw was discovered in the ext2 file system code. When a new directory is created, the ext2 block written to disk is not initialized, which could lead to an information leak if a disk image is made available to unprivileged users. (CVE-2005-0400) A flaw in fragment queuing was discovered that affected the Linux kernel netfilter subsystem. On systems configured to filter or process network packets (e.g. firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know or guess some aspects of the firewall ruleset on the target system. (CVE-2005-0449) A number of flaws were found in the Linux 2.6 kernel. A local user could use these flaws to read kernel memory or cause a denial of service (crash). (CVE-2005-0529, CVE-2005-0530, CVE-2005-0531) An integer overflow in sys_epoll_wait in eventpoll.c was discovered. A local user could use this flaw to overwrite low kernel memory. This memory is usually unused, not usually resulting in a security consequence. (CVE-2005-0736) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CVE-2005-0749) A flaw was discovered in the bluetooth driver system. On systems where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750) A race condition was discovered that affected the Radeon DRI driver. A local user who has DRI privileges on a Radeon graphics card may be able to use this flaw to gain root privileges. (CVE-2005-0767) Multiple range checking flaws were discovered in the iso9660 file system handler. An attacker could create a malicious file system image which would cause a denial or service or potentially execute arbitrary code if mounted. (CVE-2005-0815) A flaw was discovered when setting line discipline on a serial tty. A local user may be able to use this flaw to inject mouse movements or keystrokes when another user is logged in. (CVE-2005-0839) Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Please note that
    last seen2020-06-01
    modified2020-06-02
    plugin id18095
    published2005-04-19
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18095
    titleRHEL 4 : kernel (RHSA-2005:366)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-366.NASL
    descriptionUpdated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 9 August 2005] The advisory text has been updated to show that this update fixed the security issue named CVE-2005-0210 but not CVE-2005-0209. The issue CVE-2005-0209 was actually fixed by RHSA-2005:420. No changes have been made to the packages associated with this advisory. The Linux kernel handles the basic functions of the operating system. A flaw in the fib_seq_start function was discovered. A local user could use this flaw to cause a denial of service (system crash) via /proc/net/route. (CVE-2005-1041) A flaw in the tmpfs file system was discovered. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0977) An integer overflow flaw was found when writing to a sysfs file. A local user could use this flaw to overwrite kernel memory, causing a denial of service (system crash) or arbitrary code execution. (CVE-2005-0867) Keith Owens reported a flaw in the Itanium unw_unwind_to_user function. A local user could use this flaw to cause a denial of service (system crash) on Itanium architectures. (CVE-2005-0135) A flaw in the NFS client O_DIRECT error case handling was discovered. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0207) A small memory leak when defragmenting local packets was discovered that affected the Linux 2.6 kernel netfilter subsystem. A local user could send a large number of carefully crafted fragments leading to memory exhaustion (CVE-2005-0210) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384) A flaw was discovered in the ext2 file system code. When a new directory is created, the ext2 block written to disk is not initialized, which could lead to an information leak if a disk image is made available to unprivileged users. (CVE-2005-0400) A flaw in fragment queuing was discovered that affected the Linux kernel netfilter subsystem. On systems configured to filter or process network packets (e.g. firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know or guess some aspects of the firewall ruleset on the target system. (CVE-2005-0449) A number of flaws were found in the Linux 2.6 kernel. A local user could use these flaws to read kernel memory or cause a denial of service (crash). (CVE-2005-0529, CVE-2005-0530, CVE-2005-0531) An integer overflow in sys_epoll_wait in eventpoll.c was discovered. A local user could use this flaw to overwrite low kernel memory. This memory is usually unused, not usually resulting in a security consequence. (CVE-2005-0736) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CVE-2005-0749) A flaw was discovered in the bluetooth driver system. On systems where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750) A race condition was discovered that affected the Radeon DRI driver. A local user who has DRI privileges on a Radeon graphics card may be able to use this flaw to gain root privileges. (CVE-2005-0767) Multiple range checking flaws were discovered in the iso9660 file system handler. An attacker could create a malicious file system image which would cause a denial or service or potentially execute arbitrary code if mounted. (CVE-2005-0815) A flaw was discovered when setting line discipline on a serial tty. A local user may be able to use this flaw to inject mouse movements or keystrokes when another user is logged in. (CVE-2005-0839) Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Please note that
    last seen2020-06-01
    modified2020-06-02
    plugin id21928
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21928
    titleCentOS 3 / 4 : kernel (CESA-2005:366)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-663.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the sixth regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include : - diskdump support on HP Smart Array devices - netconsole/netdump support over bonded interfaces - new chipset and device support via PCI table updates - support for new
    last seen2020-06-01
    modified2020-06-02
    plugin id19832
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19832
    titleRHEL 3 : kernel (RHSA-2005:663)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0191.NASL
    descriptionUpdated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures) This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a race condition that allowed local users to read the environment variables of another process (CVE-2004-1058, low) - a flaw in the open_exec function of execve that allowed a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073, moderate). Red Hat originally reported this flaw as being fixed by RHSA-2004:504, but a patch for this issue was missing from that update. - a flaw in the coda module that allowed a local user to cause a denial of service (crash) or possibly gain privileges (CVE-2005-0124, moderate) - a potential leak of kernel data from ext2 file system handling (CVE-2005-0400, low) - flaws in ISO-9660 file system handling that allowed the mounting of an invalid image on a CD-ROM to cause a denial of service (crash) or potentially execute arbitrary code (CVE-2005-0815, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) The following bugs were also addressed : - Handle set_brk() errors in binfmt_elf/aout - Correct error handling in shmem_ioctl - Correct scsi error return - Fix netdump time keeping bug - Fix netdump link-down freeze - Fix FAT fs deadlock All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id20855
    published2006-02-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20855
    titleRHEL 2.1 : kernel (RHSA-2006:0191)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-663.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the sixth regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include : - diskdump support on HP Smart Array devices - netconsole/netdump support over bonded interfaces - new chipset and device support via PCI table updates - support for new
    last seen2020-06-01
    modified2020-06-02
    plugin id21849
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21849
    titleCentOS 3 : kernel (CESA-2005:663)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-103-1.NASL
    descriptionMathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents (which could contain sensitive data like passwords) became visible on the raw device. This is particularly important if the target device is removable and thus can be read by users other than root. (CAN-2005-0400) Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. A specially crafted ELF library or executable could cause an attempt to free an invalid pointer, which lead to a kernel crash. (CAN-2005-0749) Ilja van Sprundel discovered that the bluez_sock_create() function did not check its
    last seen2020-06-01
    modified2020-06-02
    plugin id20489
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20489
    titleUbuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-103-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-262.NASL
    description - Sun Mar 27 2005 Dave Jones <davej at redhat.com> - Catch up with all recent security issues. - CVE-2005-0210 : dst leak - CVE-2005-0384 : ppp dos - CVE-2005-0531 : Sign handling issues. - CVE-2005-0400 : EXT2 information leak. - CVE-2005-0449 : Remote oops. - CVE-2005-0736 : Epoll overflow - CVE-2005-0749 : ELF loader may kfree wrong memory. - CVE-2005-0750 : Missing range checking in bluetooth - CVE-2005-0767 : drm race in radeon - CVE-2005-0815 : Corrupt isofs images could cause oops. - Tue Mar 22 2005 Dave Jones <davej at redhat.com> - Fix swapped parameters to memset in ieee802.11 code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id18324
    published2005-05-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18324
    titleFedora Core 2 : kernel-2.6.10-1.771_FC2 (2005-262)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-313.NASL
    descriptionThis update rebases the kernel to the latest upstream stable release, which fixes a number of security issues. Notably : - CVE-2005-0210 : dst leak - CVE-2005-0384 : ppp dos - CVE-2005-0531 : Sign handling issues. - CVE-2005-0400 : EXT2 information leak. - CVE-2005-0449 : Remote oops. - CVE-2005-0736 : Epoll overflow - CVE-2005-0749 : ELF loader may kfree wrong memory. - CVE-2005-0750 : Missing range checking in bluetooth - CVE-2005-0767 : drm race in radeon - CVE-2005-0815 : Corrupt isofs images could cause oops Additionally, a large number of improvements have come from the 2.6.10 -> 2.6.11 transition. This update requires you are running the latest udev package, and also (if you are using SELinux) the latest selinux policy packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id19648
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19648
    titleFedora Core 3 : kernel-2.6.11-1.14_FC3 (2005-313)

Oval

accepted2013-04-29T04:18:43.362-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMultiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
familyunix
idoval:org.mitre.oval:def:9307
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
version26

Redhat

advisories
  • rhsa
    idRHSA-2005:366
  • rhsa
    idRHSA-2005:663
  • rhsa
    idRHSA-2006:0190
  • rhsa
    idRHSA-2006:0191
rpms
  • kernel-0:2.6.9-5.0.5.EL
  • kernel-debuginfo-0:2.6.9-5.0.5.EL
  • kernel-devel-0:2.6.9-5.0.5.EL
  • kernel-doc-0:2.6.9-5.0.5.EL
  • kernel-hugemem-0:2.6.9-5.0.5.EL
  • kernel-hugemem-devel-0:2.6.9-5.0.5.EL
  • kernel-smp-0:2.6.9-5.0.5.EL
  • kernel-smp-devel-0:2.6.9-5.0.5.EL
  • kernel-0:2.4.21-37.EL
  • kernel-BOOT-0:2.4.21-37.EL
  • kernel-debuginfo-0:2.4.21-37.EL
  • kernel-doc-0:2.4.21-37.EL
  • kernel-hugemem-0:2.4.21-37.EL
  • kernel-hugemem-unsupported-0:2.4.21-37.EL
  • kernel-smp-0:2.4.21-37.EL
  • kernel-smp-unsupported-0:2.4.21-37.EL
  • kernel-source-0:2.4.21-37.EL
  • kernel-unsupported-0:2.4.21-37.EL