Vulnerability Description
Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.0 |
References
- http://marc.info/?l=bugtraq&m=112690609622266&w=2
- http://secunia.com/advisories/16747/PatchVendor Advisory
- http://secunia.com/advisories/17002
- http://secunia.com/advisories/17073
- http://secunia.com/advisories/17826
- http://secunia.com/advisories/17918
- http://secunia.com/advisories/19374
- http://www.debian.org/security/2006/dsa-1017
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
- http://www.redhat.com/support/errata/RHSA-2005-514.html
- http://www.redhat.com/support/errata/RHSA-2005-663.html
- http://www.securityfocus.com/archive/1/419522/100/0/threaded
FAQ
What is CVE-2005-2490?
CVE-2005-2490 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in a...
How severe is CVE-2005-2490?
CVE-2005-2490 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2490?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.