Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2005-2456

Disclosure Date: August 04, 2005
CVE-2005-2456 CVSS v3 Base Score: 5.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2005-2456 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456)
BID-14477 (http://www.securityfocus.com/bid/14477)
Advisory
http://www.novell.com/linux/security/advisories/2005_50_kernel.html
SECUNIA-18056 (http://secunia.com/advisories/18056)
USN-169-1 (https://usn.ubuntu.com/169-1)
SECUNIA-16500 (http://secunia.com/advisories/16500)
SECUNIA-17073 (http://secunia.com/advisories/17073)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10858
SECUNIA-18059 (http://secunia.com/advisories/18059)
DSA-922 (http://www.debian.org/security/2005/dsa-922)
XF-linux-kernel-xfrm-dos(21710) (https://exchange.xforce.ibmcloud.com/vulnerabilities/21710)
http://www.kernel.org/git?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c
DSA-921 (http://www.debian.org/security/2005/dsa-921)
http://www.redhat.com/support/errata/RHSA-2005-514.html
http://www.kernel.org/git?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84
SECUNIA-17002 (http://secunia.com/advisories/17002)
SECUNIA-17826 (http://secunia.com/advisories/17826)
SECUNIA-16298 (http://secunia.com/advisories/16298)
http://www.securityfocus.com/archive/1/427980/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2005-663.html
ADV-2005-1878 (http://www.vupen.com/english/advisories/2005/1878)
Miscellaneous
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis