Vulnerabilities > CVE-2005-0937 - Unspecified vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN linux
nessus
Summary
Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.
Vulnerable Configurations
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-110-1.NASL description Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to an user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file actually exists. (CAN-2005-0867) Olof Johansson discovered a Denial of Service vulnerability in the futex functions, which provide semaphores for exclusive locking of resources. A local attacker could possibly exploit this to cause a kernel deadlock. (CAN-2005-0937) In addition this update fixes two race conditions in the ext3 and jfs file system drivers, which could lead to a kernel crash under certain (unusual) conditions. However, these cannot easily be triggered by users, thus they are not security sensitive. (http://linux.bkbits.net:8080/linux-2.5/gnupatch@4248d87aETPJX79hVXl4o wAUwu2SmQ, http://linux.bkbits.net:8080/linux-2.6/[email protected]) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20497 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20497 title Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-110-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-420.NASL description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the first regular update. [Updated 9 August 2005] The advisory text has been updated to show that this update also contained fixes for the security issues named CVE-2005-0209 and CVE-2005-0937. No changes have been made to the packages associated with this advisory. The Linux kernel handles the basic functions of the operating system. This is the first regular kernel update to Red Hat Enterprise Linux 4. A flaw affecting the auditing code was discovered. On Itanium architectures a local user could use this flaw to cause a denial of service (crash). This issue is rated as having important security impact (CVE-2005-0136). A flaw was discovered in the servicing of a raw device ioctl. A local user who has access to raw devices could use this flaw to write to kernel memory and cause a denial of service or potentially gain privileges. This issue is rated as having moderate security impact (CVE-2005-1264). A flaw in fragment forwarding was discovered that affected the netfilter subsystem for certain network interface cards. A remote attacker could send a set of bad fragments and cause a denial of service (system crash). Acenic and SunGEM network interfaces were the only adapters affected, which are in widespread use. (CVE-2005-0209) A flaw in the futex functions was discovered affecting the Linux 2.6 kernel. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0937) New features introduced by this update include: - Fixed TCP BIC congestion handling. - Diskdump support for more controllers (megaraid, SATA) - Device mapper multipath support - AMD64 dual core support. - Intel ICH7 hardware support. There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following device drivers have been upgraded to new versions: ata_piix -------- 1.03 bonding --------- 2.6.1 e1000 ----------- 5.6.10.1-k2-NAPI e100 ------------ 3.3.6-k2-NAPI ibmveth --------- 1.03 libata ---------- 1.02 to 1.10 lpfc ------------ 0:8.0.16 to 0:8.0.16.6_x2 megaraid_mbox --- 2.20.4.0 to 2.20.4.5 megaraid_mm ----- 2.20.2.0-rh1 to 2.20.2.5 sata_nv --------- 0.03 to 0.6 sata_promise ---- 1.00 to 1.01 sata_sil -------- 0.8 sata_sis -------- 0.5 sata_svw -------- 1.05 sata_sx4 -------- 0.7 sata_via -------- 1.0 sata_vsc -------- 1.0 tg3 ------------- 3.22-rh ipw2100 --------- 1.0.3 ipw2200 --------- 1.0.0 All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. last seen 2020-06-01 modified 2020-06-02 plugin id 21937 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21937 title CentOS 4 : kernel (CESA-2005:420) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-420.NASL description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the first regular update. [Updated 9 August 2005] The advisory text has been updated to show that this update also contained fixes for the security issues named CVE-2005-0209 and CVE-2005-0937. No changes have been made to the packages associated with this advisory. The Linux kernel handles the basic functions of the operating system. This is the first regular kernel update to Red Hat Enterprise Linux 4. A flaw affecting the auditing code was discovered. On Itanium architectures a local user could use this flaw to cause a denial of service (crash). This issue is rated as having important security impact (CVE-2005-0136). A flaw was discovered in the servicing of a raw device ioctl. A local user who has access to raw devices could use this flaw to write to kernel memory and cause a denial of service or potentially gain privileges. This issue is rated as having moderate security impact (CVE-2005-1264). A flaw in fragment forwarding was discovered that affected the netfilter subsystem for certain network interface cards. A remote attacker could send a set of bad fragments and cause a denial of service (system crash). Acenic and SunGEM network interfaces were the only adapters affected, which are in widespread use. (CVE-2005-0209) A flaw in the futex functions was discovered affecting the Linux 2.6 kernel. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0937) New features introduced by this update include: - Fixed TCP BIC congestion handling. - Diskdump support for more controllers (megaraid, SATA) - Device mapper multipath support - AMD64 dual core support. - Intel ICH7 hardware support. There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following device drivers have been upgraded to new versions: ata_piix -------- 1.03 bonding --------- 2.6.1 e1000 ----------- 5.6.10.1-k2-NAPI e100 ------------ 3.3.6-k2-NAPI ibmveth --------- 1.03 libata ---------- 1.02 to 1.10 lpfc ------------ 0:8.0.16 to 0:8.0.16.6_x2 megaraid_mbox --- 2.20.4.0 to 2.20.4.5 megaraid_mm ----- 2.20.2.0-rh1 to 2.20.2.5 sata_nv --------- 0.03 to 0.6 sata_promise ---- 1.00 to 1.01 sata_sil -------- 0.8 sata_sis -------- 0.5 sata_svw -------- 1.05 sata_sx4 -------- 0.7 sata_via -------- 1.0 sata_vsc -------- 1.0 tg3 ------------- 3.22-rh ipw2100 --------- 1.0.3 ipw2200 --------- 1.0.0 All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. last seen 2020-06-01 modified 2020-06-02 plugin id 18444 published 2005-06-10 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18444 title RHEL 4 : kernel (RHSA-2005:420) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-110.NASL description Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel : Colin Percival discovered a vulnerability in Intel last seen 2020-06-01 modified 2020-06-02 plugin id 18598 published 2005-07-01 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18598 title Mandrake Linux Security Advisory : kernel (MDKSA-2005:110)
Oval
| accepted | 2013-04-29T04:00:45.484-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10037 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions. | ||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://lkml.org/lkml/2005/2/22/123
- http://www.redhat.com/support/errata/RHSA-2005-420.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10037
- http://www.securityfocus.com/archive/1/427980/100/0/threaded
- http://linux.bkbits.net:8080/linux-2.6/cset%40421cfc11zFsK9gxvSJ2t__FCmuUd3Q