RedHat Enterprise Linux Native POSIX Threading Library Local Information Disclosure Vulnerability
BID:13444
Info
RedHat Enterprise Linux Native POSIX Threading Library Local Information Disclosure Vulnerability
| Bugtraq ID: | 13444 |
| Class: | Design Error |
| CVE: |
CVE-2005-0403 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 29 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | The individual or individuals responsible for the discovery of this issue are currently unknown; The vendor disclosed this issue. |
| Vulnerable: |
Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux AS 3 |
| Not Vulnerable: | |
Discussion
RedHat Enterprise Linux Native POSIX Threading Library Local Information Disclosure Vulnerability
A local information disclosure and denial of service vulnerability affects RedHat Enterprise Linux. This issue is due to a design error caused by a flawed back port of the Native POSIX Threading Library (NPTL).
An attacker may leverage this issue to gain read and write access to other users' terminal TTY sessions as well as crash the affected computer. This issue may facilitate disclosure of information, command execution with escalated privileges, and denial of service attacks.
A local information disclosure and denial of service vulnerability affects RedHat Enterprise Linux. This issue is due to a design error caused by a flawed back port of the Native POSIX Threading Library (NPTL).
An attacker may leverage this issue to gain read and write access to other users' terminal TTY sessions as well as crash the affected computer. This issue may facilitate disclosure of information, command execution with escalated privileges, and denial of service attacks.
Exploit / POC
RedHat Enterprise Linux Native POSIX Threading Library Local Information Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
RedHat Enterprise Linux Native POSIX Threading Library Local Information Disclosure Vulnerability
Solution:
Red Hat released advisory RHSA-2005:293-16 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.
Solution:
Red Hat released advisory RHSA-2005:293-16 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.
References
RedHat Enterprise Linux Native POSIX Threading Library Local Information Disclosure Vulnerability
References:
References:
- Red Hat Homepage (Red Hat)
- RHSA-2005:293-16 - kernel security update (RedHat)