CVE-2005-3055

low

Description

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.

References

http://marc.info/?l=linux-kernel&m=112766129313883

http://secunia.com/advisories/17826

http://secunia.com/advisories/17917

http://secunia.com/advisories/17918

http://secunia.com/advisories/19374

http://secunia.com/advisories/21035

http://secunia.com/advisories/21136

http://secunia.com/advisories/21465

http://secunia.com/advisories/21983

http://secunia.com/advisories/22417

http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm

http://www.debian.org/security/2006/dsa-1017

http://www.mandriva.com/security/advisories?name=MDKSA-2005:218

http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

http://www.mandriva.com/security/advisories?name=MDKSA-2005:220

http://www.mandriva.com/security/advisories?name=MDKSA-2005:235

http://www.redhat.com/support/errata/RHSA-2006-0437.html

http://www.redhat.com/support/errata/RHSA-2006-0575.html

http://www.redhat.com/support/errata/RHSA-2006-0579.html

http://www.redhat.com/support/errata/RHSA-2006-0580.html

http://www.securityfocus.com/advisories/9806

http://www.securityfocus.com/archive/1/419522/100/0/threaded

http://www.securityfocus.com/bid/14955

http://www.vupen.com/english/advisories/2005/1863

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9472

https://usn.ubuntu.com/219-1/

Details

Source: MITRE

Published: 2005-09-26

Updated: 2018-10-19

Type: CWE-20

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.10:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14:rc2:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 65105 | Ubuntu 4.10 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-219-1) | Nessus | Ubuntu Local Security Checks | medium |
| 22559 | Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 22276 | CentOS 4 : kernel (CESA-2006:0575) | Nessus | CentOS Local Security Checks | high |
| 22221 | RHEL 4 : kernel (RHSA-2006:0575) | Nessus | Red Hat Local Security Checks | high |
| 22135 | CentOS 3 : kernel (CESA-2006:0437) | Nessus | CentOS Local Security Checks | high |
| 22086 | RHEL 3 : kernel (RHSA-2006:0437) | Nessus | Red Hat Local Security Checks | high |
| 22054 | RHEL 2.1 : kernel (RHSA-2006:0579) | Nessus | Red Hat Local Security Checks | medium |
| 20466 | Mandrake Linux Security Advisory : kernel (MDKSA-2005:235) | Nessus | Mandriva Local Security Checks | medium |
| 20451 | MDKSA-2005:220 : kernel | Nessus | Mandriva Local Security Checks | medium |
| 20450 | Mandrake Linux Security Advisory : kernel (MDKSA-2005:219) | Nessus | Mandriva Local Security Checks | high |
| 801420 | CentOS RHSA-2006-0575 Security Check | Log Correlation Engine | Generic | high |
| 801417 | CentOS RHSA-2006-0437 Security Check | Log Correlation Engine | Generic | high |