Vulnerability CVE-2005-0136

Vulnerability Name:

CVE-2005-0136

Assigned:

2005-03-11

Published:

2005-03-11

Updated:

2018-10-30

Summary:

The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

References:

Source: MITRE
Type: CNA
CVE-2005-0136

Source: MLIST
Type: UNKNOWN
[kernel-svn-changes] 20050816 r3920 - in branches/dist/sarge-security: . kernel kernel/i386 kernel/source kernel/source/kernel-source-2.6.8-2.6.8/debian

Source: MISC
Type: Patch
http://openvz.org/news/updates/kernel-022stab045.1-released

Source: SECUNIA
Type: Patch, Vendor Advisory
17002

Source: MLIST
Type: Patch
[linux-ia64] 20040916 Re: [Patch] Per CPU MCA/INIT data save areas

Source: CONFIRM
Type: Patch
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11

Source: REDHAT
Type: Patch
RHSA-2005:420

Source: REDHAT
Type: Patch
RHSA-2005:663

Source: VUPEN
Type: UNKNOWN
ADV-2005-1878

Source: MISC
Type: Patch
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148862

Source: MISC
Type: Patch
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155283

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11628

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:386:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:686:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:686_smp:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:amd64:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:amd64_k8:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:amd64_k8_smp:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:amd64_xeon:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:k7:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:k7_smp:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:power3:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:power3_smp:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:power4:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:power4_smp:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:powerpc:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1.5:*:powerpc_smp:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:2.6.20:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.10:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.10:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.10:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.10:rc3:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050136	V	CVE-2005-0136	2015-11-16
oval:org.mitre.oval:def:11628	V	The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.	2013-04-29
oval:com.redhat.rhsa:def:20050663	P	RHSA-2005:663: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6 (Important)	2005-09-28
oval:com.redhat.rhsa:def:20050420	P	RHSA-2005:420: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 1 (Important)	2005-08-09

BACK