[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-3273Date: (C)2005-10-20   (M)2023-12-22


The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1014115
BID-13886
SECUNIA-17826
SECUNIA-18056
SECUNIA-21035
DSA-922
FLSA:157459-1
MDKSA-2005:218
MDKSA-2005:219
MDKSA-2005:220
RHSA-2005:663
RHSA-2006:0579
RHSA-2006:0580
USN-219-1
http://linux.bkbits.net:8080/linux-2.4/cset%4041e2cf515TpixcVQ8q8HvQvCv9E6zA
http://linux.bkbits.net:8080/linux-2.6/cset%40423114bcdthRtmtdS6MsZiBVvteGCg
http://lkml.org/lkml/2005/5/23/169
oval:org.mitre.oval:def:9552

CPE    130
cpe:/o:linux:linux_kernel:2.4.27:pre5
cpe:/o:linux:linux_kernel:2.4.27:pre4
cpe:/o:linux:linux_kernel:2.4.27:pre1
cpe:/o:linux:linux_kernel:2.4.27:pre3
...
CWE    1
CWE-264

© SecPod Technologies