Vulnerability Description
Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vserver | Linux-Vserver | 1.22 |
References
- http://linux-vserver.org/ChangeLog
- http://list.linux-vserver.org/archive/vserver/msg05630.html
- http://list.linux-vserver.org/archive/vserver/msg05631.htmlExploit
- http://list.linux-vserver.org/archive/vserver/msg05658.html
- http://www.osvdb.org/7587Patch
- http://linux-vserver.org/ChangeLog
- http://list.linux-vserver.org/archive/vserver/msg05630.html
- http://list.linux-vserver.org/archive/vserver/msg05631.htmlExploit
- http://list.linux-vserver.org/archive/vserver/msg05658.html
- http://www.osvdb.org/7587Patch
FAQ
What is CVE-2003-1288?
CVE-2003-1288 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2...
How severe is CVE-2003-1288?
CVE-2003-1288 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1288?
Check the references section above for vendor advisories and patch information. Affected products include: Vserver Linux-Vserver.