Vulnerability CVE-2005-0176 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0176 (CCN-19360)

Assigned:

2005-02-15

Published:

2005-02-15

Updated:

2017-10-11

Summary:

The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: SGI
Type: UNKNOWN
20060402-01-U

Source: MITRE
Type: CNA
CVE-2005-0176

Source: CONECTIVA
Type: Vendor Advisory
CLA-2005:930

Source: BUGTRAQ
Type: UNKNOWN
20050215 [USN-82-1] Linux kernel vulnerabilities

Source: CCN
Type: RHSA-2005-092
kernel security update

Source: CCN
Type: RHSA-2005-472
kernel security update

Source: CCN
Type: SA19607
SGI ProPack kernel Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
19607

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:092

Source: REDHAT
Type: UNKNOWN
RHSA-2005:472

Source: BID
Type: UNKNOWN
12598

Source: CCN
Type: BID-12598
Linux Kernel Multiple Vulnerabilities

Source: CCN
Type: USN-82-1
Linux kernel vulnerabilities

Source: XF
Type: UNKNOWN
kernel-shmctl-information-disclosure(19360)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1225

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8778

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:2.6.9:2.6.20:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.2:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.7:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.7:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.6:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.6:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.5:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.5:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.5:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.4:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.4:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.4:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.3:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.3:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.3:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.2:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.2:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.3:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.3:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.4:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.5:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.6:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.7:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:8778	V	The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.	2013-04-29
oval:org.mitre.oval:def:1225	V	Linux Kernel shmctl() Memory Swap Vulnerability	2005-08-18
oval:com.redhat.rhsa:def:20050472	P	RHSA-2005:472: kernel security update (Important)	2005-05-25
oval:com.redhat.rhsa:def:20050092	P	RHSA-2005:092: kernel security update (Important)	2005-02-18