Upstream information

CVE-2005-2456 at MITRE

Description

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:N/I:N/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 100685, 105103 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 9.3
  • Intel-536ep >= 4.69-10.3
  • dprobes >= 3.6.5-8.3
  • kernel-bigsmp >= 2.6.11.4-21.9
  • kernel-bigsmp-nongpl >= 2.6.11.4-21.9
  • kernel-default >= 2.6.11.4-21.9
  • kernel-default-nongpl >= 2.6.11.4-21.9
  • kernel-docs >= 2.6.11.4-21.9
  • kernel-smp >= 2.6.11.4-21.9
  • kernel-smp-nongpl >= 2.6.11.4-21.9
  • kernel-source >= 2.6.11.4-21.9
  • kernel-syms >= 2.6.11.4-21.9
  • kernel-um >= 2.6.11.4-21.9
  • kernel-um-nongpl >= 2.6.11.4-21.9
  • kernel-xen >= 2.6.11.4-21.9
  • kernel-xen-nongpl >= 2.6.11.4-21.9
  • ltmodem >= 8.31a10-7.3
  • um-host-install-initrd >= 1.0-50.3
  • um-host-kernel >= 2.6.11.4-21.9
Novell Linux Desktop 9 for x86
  • kernel-bigsmp >= 2.6.5-7.201
  • kernel-default >= 2.6.5-7.201
  • kernel-smp >= 2.6.5-7.201
  • kernel-source >= 2.6.5-7.201
  • kernel-syms >= 2.6.5-7.201
sles9-oes.x86
YOU Patch Nr: 10455
Open Enterprise Server
  • kernel-bigsmp >= 2.6.5-7.201
  • kernel-debug >= 2.6.5-7.201
  • kernel-default >= 2.6.5-7.201
  • kernel-smp >= 2.6.5-7.201
  • kernel-source >= 2.6.5-7.201
  • kernel-syms >= 2.6.5-7.201
  • kernel-um >= 2.6.5-7.201
  • um-host-install-initrd >= 1.0-48.10
  • um-host-kernel >= 2.6.5-7.201
sles9-oes.x86
YOU Patch Nr: 10455
Novell Linux Desktop 9 for x86_64
  • kernel-default >= 2.6.5-7.201
  • kernel-smp >= 2.6.5-7.201
  • kernel-source >= 2.6.5-7.201
  • kernel-syms >= 2.6.5-7.201
core9.x86-64
YOU Patch Nr: 10459