CVE - CVE-2005-2456

CVE-ID
CVE-2005-2456	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:14477 URL:http://www.securityfocus.com/bid/14477 CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84 DEBIAN:DSA-921 URL:http://www.debian.org/security/2005/dsa-921 DEBIAN:DSA-922 URL:http://www.debian.org/security/2005/dsa-922 FEDORA:FLSA:157459-3 URL:http://www.securityfocus.com/archive/1/427980/100/0/threaded MANDRAKE:MDKSA-2005:219 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:219~~ (Obsolete source) MANDRAKE:MDKSA-2005:220 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:220~~ (Obsolete source) MISC:http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html OVAL:oval:org.mitre.oval:def:10858 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10858 REDHAT:RHSA-2005:514 URL:http://www.redhat.com/support/errata/RHSA-2005-514.html REDHAT:RHSA-2005:663 URL:http://www.redhat.com/support/errata/RHSA-2005-663.html SECUNIA:16298 URL:http://secunia.com/advisories/16298 SECUNIA:16500 URL:http://secunia.com/advisories/16500 SECUNIA:17002 URL:http://secunia.com/advisories/17002 SECUNIA:17073 URL:http://secunia.com/advisories/17073 SECUNIA:17826 URL:http://secunia.com/advisories/17826 SECUNIA:18056 URL:http://secunia.com/advisories/18056 SECUNIA:18059 URL:http://secunia.com/advisories/18059 SUSE:SUSE-SA:2005:050 URL:http://www.novell.com/linux/security/advisories/2005_50_kernel.html UBUNTU:USN-169-1 URL:https://usn.ubuntu.com/169-1/ VUPEN:ADV-2005-1878 URL:~~http://www.vupen.com/english/advisories/2005/1878~~ (Obsolete source) XF:linux-kernel-xfrm-dos(21710) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/21710
Assigning CNA
MITRE Corporation
Date Record Created
20050804	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050804)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)