blob: 87dd16a60308d6b5669a72b01a585e9039d714cf (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Candidate: CVE-2005-0176
References:
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
http://www.redhat.com/support/errata/RHSA-2005-092.html
http://oval.mitre.org/oval/definitions/data/oval1225.html
http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=2637792e3d9ae50079238615fd16384a0d393b30
Description:
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock
the memory of other processes, which could cause sensitive memory to be swapped
to disk, which could allow it to be read by other users once it has been released.
Notes:
It appears that 2.6.8 and earlier are not vulnerable as prior to the
following patch, local users could not effect lock or unlock
http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=16698c49bbb42567c0bbc528d3820d18885e4642
That is, only 2.6.10 is effected.
Bugs:
upstream:
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
|
