Vulnerabilities > CVE-2005-1913 - Local Denial Of Service vulnerability in Linux Kernel Subthread Exec
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a denial of service (kernel panic) via a non group-leader thread executing a different program than was pending in itimer, which causes the signal to be delivered to the old group-leader task, which does not exist.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2005-510.NASL description - Wed Jun 29 2005 Dave Jones <davej at redhat.com> - 2.6.12.2 - Mon Jun 27 2005 Dave Jones <davej at redhat.com> - Disable multipath caches. (#161168) - Reenable AMD756 I2C driver for x86-64. (#159609) - Add more IBM r40e BIOS last seen 2020-06-01 modified 2020-06-02 plugin id 18604 published 2005-07-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18604 title Fedora Core 4 : kernel-2.6.12-1.1387_FC4 (2005-510) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-178-1.NASL description Oleg Nesterov discovered a local Denial of Service vulnerability in the timer handling. When a non group-leader thread called exec() to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kernel panic. This vulnerability only affects Ubuntu 5.04. (CAN-2005-1913) Al Viro discovered that the sendmsg() function did not sufficiently validate its input data. By calling sendmsg() and at the same time modifying the passed message in another thread, he could exploit this to execute arbitrary commands with kernel privileges. This only affects the amd64 bit platform. (CAN-2005-2490) Al Viro discovered a vulnerability in the raw_sendmsg() function. By calling this function with specially crafted arguments, a local attacker could either read kernel memory contents (leading to information disclosure) or manipulate the hardware state by reading certain IO ports. This vulnerability only affects Ubuntu 5.04. (CAN-2005-2492) Jan Blunck discovered a Denial of Service vulnerability in the procfs interface of the SCSI driver. By repeatedly reading /proc/scsi/sg/devices, a local attacker could eventually exhaust kernel memory. (CAN-2005-2800) A flaw was discovered in the handling of extended attributes on ext2 and ext3 file systems. Under certain condidions, this could prevent the enforcement of Access Control Lists, which eventually could lead to information disclosure, unauthorized program execution, or unauthorized data modification. This does not affect the standard Unix permissions. (CAN-2005-2801) Chad Walstrom discovered a Denial of Service in the ipt_recent module, which can be used in netfilter (Firewall configuration). A remote attacker could exploit this to crash the kernel by sending certain packets (such as an SSH brute-force attack) to a host which uses the last seen 2020-06-01 modified 2020-06-02 plugin id 20588 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20588 title Ubuntu 4.10 / 5.04 : linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities (USN-178-1)