Local Denial of Service Vulnerability in Linux Kernel 2.6
CVE-2005-0003

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Mandrake Linux Corporate Server; Enterprise Linux Desktop; Enterprise Linux
Vendor: CVE Published:; 14 April 2005

Summary

The Linux kernel versions prior to 2.6.10 on 64-bit architectures have a critical flaw in their 64-bit ELF support that fails to adequately check for overlapping virtual memory address (VMA) allocations. This vulnerability can be exploited by local users to induce denial of service conditions, leading to system crashes. Furthermore, through crafted ELF or a.out files, malicious users may potentially execute arbitrary code, compromising system integrity.

References

http://secunia.com/advisories/20163

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2006/dsa-1082

vendor-advisoryx_refsource_DEBIAN

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

Timeline

Vulnerability published
Apr 14, 2005
Vulnerability Reserved
Jan 3, 2005