blob: 323bf2c78149f6ce7b3a2e29131768e82de4574b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Candidate: CVE-2005-0179
References:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
http://www.redhat.com/support/errata/RHSA-2005-092.html
Description:
Linux kernel 2.4.x and 2.6.x allows local users to cause a denial
of service (CPU and memory consumption) and bypass RLIM_MEMLOCK
limits via the mlockall call.
Notes:
jmm> The vulnerable code was only introduced in 2.6.9
dannf> I believe this is fixed in:
http://linux.bkbits.net:8080/linux-2.6/cset@41e2d63eQyYc3q3MPkKLhEktFoqfUw?nav=index.html|src/|src/mm|related/mm/mmap.c
dannf> and since that was in 2.6.11, i'll mark upstream as such
Bugs:
upstream: released (2.6.11)
linux-2.6.16: N/A
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
|