BID:13438

Linux Kernel Itanium System Call Local Denial Of Service Vulnerability

Info

Linux Kernel Itanium System Call Local Denial Of Service Vulnerability

Bugtraq ID:	13438
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-0137
Remote:	No
Local:	Yes
Published:	Apr 29 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; RedHat disclosed this issue.
Vulnerable:	Linux kernel 2.4.30 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 Linux kernel 2.4.29 Linux kernel 2.4.28 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.4.27 Linux kernel 2.4.26 Linux kernel 2.4.25 Linux kernel 2.4.24 Linux kernel 2.4.23 + Trustix Secure Linux 2.0 Linux kernel 2.4.22 + Devil-Linux Devil-Linux 1.0.5 + Devil-Linux Devil-Linux 1.0.4 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Redhat Fedora Core1 + Slackware Linux 9.1 Linux kernel 2.4.21 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + SuSE SUSE Linux Enterprise Server 8 Linux kernel 2.4.20 + CRUX CRUX Linux 1.0 + Gentoo Linux 1.4 + Gentoo Linux 1.2 + Redhat Linux 9.0 i386 + Slackware Linux 9.0 + WOLK WOLK 4.4 s Linux kernel 2.4.19 + Conectiva Linux Enterprise Edition 1.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Mandriva Linux Mandrake 9.0 + Slackware Linux -current + SuSE Linux 8.1 + SuSE SUSE Linux Enterprise Server 8 + SuSE SUSE Linux Enterprise Server 7 Linux kernel 2.4.18 + Astaro Security Linux 2.0 23 + Astaro Security Linux 2.0 16 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 + Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 + Redhat Advanced Workstation for the Itanium Processor 2.1 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Linux 8.0 + Redhat Linux 7.3 + S.u.S.E. Linux Connectivity Server + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Firewall on CD + S.u.S.E. Linux Office Server + S.u.S.E. Linux Personal 8.2 + S.u.S.E. SuSE eMail Server 3.1 + S.u.S.E. SuSE eMail Server III + SuSE Linux 8.1 + SuSE Linux 8.0 + SuSE Linux 7.3 + SuSE Linux 7.2 + SuSE Linux 7.1 + SuSE Linux Openexchange Server + SuSE SUSE Linux Enterprise Server 8 + SuSE SUSE Linux Enterprise Server 7 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 Linux kernel 2.4.17 Linux kernel 2.4.16 + Sun Cobalt RaQ 550 Linux kernel 2.4.15 Linux kernel 2.4.14 Linux kernel 2.4.13 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Workstation 3.1.1 Linux kernel 2.4.12 Linux kernel 2.4.11 Linux kernel 2.4.10 + SuSE Linux 7.3 Linux kernel 2.4.9 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.2 alpha + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Sun Linux 5.0.5 + Sun Linux 5.0.3 + Sun Linux 5.0 Linux kernel 2.4.8 + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 Linux kernel 2.4.7 + Redhat Linux 7.2 + SuSE Linux 7.2 + SuSE Linux 7.1 Linux kernel 2.4.6 Linux kernel 2.4.5 + Slackware Linux 8.0 Linux kernel 2.4.4 + SuSE Linux 7.2 Linux kernel 2.4.3 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 Linux kernel 2.4.2 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha Linux kernel 2.4.1 Linux kernel 2.4

Not Vulnerable:

Discussion

Linux Kernel Itanium System Call Local Denial Of Service Vulnerability

A local denial of service vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to handle system calls with missing arguments.

An attacker can leverage this issue to cause the affected kernel to crash, denying service to legitimate users.

Exploit / POC

Linux Kernel Itanium System Call Local Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Linux Kernel Itanium System Call Local Denial Of Service Vulnerability

Solution:
Red Hat released advisories RHSA-2005:293-16 and RHSA-2005:284-11 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.

References

Linux Kernel Itanium System Call Local Denial Of Service Vulnerability

References:

RHSA-2005:284-11 - kernel security update (RedHat)
RHSA-2005:293-16 - kernel security update (RedHat)