PT-2005-2270 · Linux+1 · Linux Kernel+1

Paul Starzetz · Published 2005-05-11 · Updated 2018-10-19 · CVE-2005-1263

CVSS v2.0: 7.2 High
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions 2.x.x through 2.2.27-rc2
Linux kernel versions 2.4.x through 2.4.31-pre1
Linux kernel versions 2.6.x through 2.6.12-rc4
Description: The issue allows local users to execute arbitrary code via an ELF binary. Under certain conditions involving the create_elf_tables function, a negative length argument passes a signed integer comparison, leading to a buffer overflow.
Recommendations: For Linux kernel versions 2.x.x through 2.2.27-rc2, update to a version later than 2.2.27-rc2 to resolve the issue. For Linux kernel versions 2.4.x through 2.4.31-pre1, update to a version later than 2.4.31-pre1 to resolve the issue. For Linux kernel versions 2.6.x through 2.6.12-rc4, update to a version later than 2.6.12-rc4 to resolve the issue.
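The signed-comparison flaw named in the description, modelled in user-space C as an added example (not kernel code and not taken from the advisory). The function names, the 80-byte buffer size and the sample addresses are assumptions chosen for illustration; the flawed function only returns the size a copy would use, and the hardened variant sits beside it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARG_BUF_SZ 80 /* assumed size of the fixed destination buffer */

/* Flawed pattern: the length is a signed int and only its upper bound is
 * checked. A negative value passes the comparison unchanged and turns into
 * a huge size_t once it reaches a copy routine. Returns that copy size. */
size_t copy_size_signed_check(long start, long end)
{
    int len = (int)(end - start);
    if (len >= ARG_BUF_SZ)          /* signed compare: -16 >= 80 is false */
        len = ARG_BUF_SZ - 1;
    return (size_t)len;
}

/* Hardened pattern: reject an inverted range before subtracting, then clamp
 * in unsigned arithmetic. Returns 0 and sets *out, or -1 on a bad range. */
int copy_size_checked(unsigned long start, unsigned long end, size_t *out)
{
    if (end < start)
        return -1;
    unsigned long len = end - start;
    if (len >= (unsigned long)ARG_BUF_SZ)
        len = ARG_BUF_SZ - 1;
    *out = (size_t)len;
    return 0;
}

/* Copies src[start..end) into dst using the hardened length; -1 if rejected. */
int copy_args(char dst[ARG_BUF_SZ], const char *src,
              unsigned long start, unsigned long end)
{
    size_t n;
    if (copy_size_checked(start, end, &n) != 0)
        return -1;
    memcpy(dst, src + start, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample range: end lies 16 bytes below start. */
    printf("signed check would copy %zu bytes\n",
           copy_size_signed_check(0x1000, 0x0ff0));
    return 0;
}
```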

Exploit

Fix


Related Identifiers

CVE-2005-1263
RHSA-2005:472
RHSA-2005_472

Affected Products

Linux Kernel
Red Hat