CVE-2004-0491

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411
http://www.redhat.com/support/errata/RHSA-2005-472.html
http://www.securityfocus.com/bid/13769
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
http://secunia.com/advisories/19607
http://marc.info/?l=linux-kernel&m=108087017610947&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10672

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*

Information

Published : 2004-12-30 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2004-0491

Mitre link : CVE-2004-0491

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

redhat

enterprise_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411", "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-472.html", "name": "RHSA-2005:472", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/13769", "name": "13769", "tags": [], "refsource": "BID"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U", "name": "20060402-01-U", "tags": [], "refsource": "SGI"}, {"url": "http://secunia.com/advisories/19607", "name": "19607", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=linux-kernel&m=108087017610947&w=2", "name": "[linux-kernel] 20040402 Re: disable-cap-mlock", "tags": [], "refsource": "MLIST"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1117", "name": "oval:org.mitre.oval:def:1117", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10672", "name": "oval:org.mitre.oval:def:10672", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0491", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}