| Vulnerability Name: | CVE-2004-0491 (CCN-20320) | ||||||||||||||||
| Assigned: | 2004-06-21 | ||||||||||||||||
| Published: | 2004-06-21 | ||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||
| Summary: | The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit. | ||||||||||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||
| References: | Source: SGI Type: UNKNOWN 20060402-01-U Source: MITRE Type: CNA CVE-2004-0491 Source: MLIST Type: UNKNOWN [linux-kernel] 20040402 Re: disable-cap-mlock Source: CCN Type: MARC AIMS Group Mailing List, 2004-04-02 1:30:14 Re: disable-cap-mlock Source: CCN Type: RHSA-2005-472 kernel security update Source: CCN Type: SA19607 SGI ProPack kernel Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 19607 Source: REDHAT Type: UNKNOWN RHSA-2005:472 Source: BID Type: UNKNOWN 13769 Source: CCN Type: BID-13769 Linux Kernel Local MEMLOCK RLIMIT Bypass Denial Of Service Vulnerability Source: CCN Type: Red Hat Bugzilla Web page Bugzilla Bug 126411 - CAN-2004-0491 mlock accounting issue Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411 Source: XF Type: UNKNOWN kernel-mlock-gain-privileges(20320) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10672 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1117 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||