PT-2004-3686 · Linux+2 · Linux Kernel+2

Harald Welte

·

Publicado

1970-01-01

·

Atualizado

2018-10-19

·

CVE-2005-3055

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions 2.6.8 through 2.6.14-rc2 Debian GNU/Linux kernel-image and kernel-headers packages (affected versions not specified)
Description The issue affects the Linux kernel and can lead to a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, resulting in a stale pointer reference. This can cause disruption to confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.
Recommendations For Linux kernel versions 2.6.8 through 2.6.14-rc2, update to a version later than 2.6.14-rc2 to resolve the issue. For Debian GNU/Linux kernel-image and kernel-headers packages, update to the latest available versions to ensure you have the latest security patches. As a temporary workaround, consider restricting access to USB devices until a patch is available.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2015-02209
BDU:2015-02210
BDU:2015-02211
BDU:2015-02212
BDU:2015-02213
BDU:2015-02214
BDU:2015-02215
BDU:2015-02216
BDU:2015-02217
BDU:2015-02218
BDU:2015-02219
BDU:2015-02220
BDU:2015-02221
BDU:2015-02222
BDU:2015-02223
BDU:2015-02224
BDU:2015-02225
BDU:2015-02226
BDU:2015-02227
BDU:2015-02228
BDU:2015-02229
BDU:2015-02230
BDU:2015-02231
BDU:2015-02232
BDU:2015-02233
BDU:2015-02234
BDU:2015-02235
BDU:2015-02236
BDU:2015-02237
BDU:2015-02238
BDU:2015-02239
BDU:2015-02240
BDU:2015-02241
BDU:2015-02242
BDU:2015-02243
BDU:2015-02244
BDU:2015-02245
BDU:2015-02246
BDU:2015-02247
BDU:2015-02248
BDU:2015-02249
BDU:2015-02250
BDU:2015-02251
BDU:2015-02252
BDU:2015-02253
BDU:2015-02254
BDU:2015-02255
BDU:2015-02256
BDU:2015-02257
BDU:2015-02258
BDU:2015-02259
BDU:2015-02260
BDU:2015-02261
BDU:2015-02262
BDU:2015-02263
BDU:2015-02264
BDU:2015-02265
BDU:2015-02266
BDU:2015-02267
BDU:2015-02268
BDU:2015-02269
BDU:2015-02270
BDU:2015-02271
BDU:2015-02272
BDU:2015-02273
BDU:2015-02274
BDU:2015-02275
BDU:2015-02276
BDU:2015-02277
BDU:2015-02278
BDU:2015-02279
BDU:2015-02280
BDU:2015-02281
BDU:2015-02282
BDU:2015-02283
BDU:2015-02284
BDU:2015-02285
BDU:2015-02286
BDU:2015-02287
BDU:2015-02288
BDU:2015-02289
BDU:2015-02290
BDU:2015-02291
BDU:2015-02292
BDU:2015-02293
BDU:2015-02294
BDU:2015-02295
BDU:2015-02296
BDU:2015-02297
BDU:2015-02298
BDU:2015-02299
BDU:2015-02300
BDU:2015-02301
BDU:2015-02302
BDU:2015-02303
BDU:2015-02304
BDU:2015-02305
BDU:2015-02306
BDU:2015-02307
BDU:2015-02308
BDU:2015-02309
BDU:2015-02310
BDU:2015-02311
BDU:2015-02312
BDU:2015-02313
BDU:2015-02314
BDU:2015-02315
BDU:2015-02316
BDU:2015-02317
BDU:2015-02318
BDU:2015-02319
BDU:2015-02320
BDU:2015-02321
BDU:2015-02322
BDU:2015-02323
BDU:2015-02324
BDU:2015-02325
BDU:2015-02326
BDU:2015-02327
BDU:2015-02328
BDU:2015-02329
BDU:2015-02330
BDU:2015-02331
BDU:2015-02332
BDU:2015-02333
BDU:2015-02334
BDU:2015-02335
BDU:2015-02336
BDU:2015-02337
BDU:2015-02338
BDU:2015-02339
BDU:2015-02340
BDU:2015-02341
BDU:2015-02342
BDU:2015-02343
BDU:2015-02344
BDU:2015-02345
BDU:2015-02346
BDU:2015-02347
BDU:2015-02348
BDU:2015-02349
BDU:2015-02350
BDU:2015-02351
BDU:2015-02352
BDU:2015-02353
BDU:2015-02354
BDU:2015-02355
BDU:2015-02356
BDU:2015-02357
BDU:2015-02358
BDU:2015-02359
BDU:2015-02360
BDU:2015-02361
BDU:2015-02362
BDU:2015-02363
BDU:2015-02364
BDU:2015-02365
BDU:2015-02366
BDU:2015-02367
BDU:2015-02368
BDU:2015-02370
BDU:2015-02371
BDU:2015-02389
BDU:2015-04239
BDU:2015-04240
BDU:2015-04241
CVE-2005-3055
DSA-1017-1
RHSA-2006:0437
RHSA-2006:0575
RHSA-2006_0575

Produtos afetados

Debian
Linux Kernel
Red Hat