CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
25.6%
Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | fedora_core | core_1.0 | cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:* |
redhat | linux | 8.0 | cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:* |
redhat | linux | 8.0 | cpe:2.3:o:redhat:linux:8.0:*:i386:*:*:*:*:* |
redhat | linux | 8.0 | cpe:2.3:o:redhat:linux:8.0:*:i686:*:*:*:*:* |
redhat | kernel | 2.4.20-8 | cpe:2.3:a:redhat:kernel:2.4.20-8:*:athlon:*:*:*:*:* |
redhat | kernel | 2.4.20-8 | cpe:2.3:a:redhat:kernel:2.4.20-8:*:athlon_smp:*:*:*:*:* |
redhat | kernel | 2.4.20-8 | cpe:2.3:a:redhat:kernel:2.4.20-8:*:i386:*:*:*:*:* |
redhat | kernel | 2.4.20-8 | cpe:2.3:a:redhat:kernel:2.4.20-8:*:i386_src:*:*:*:*:* |
redhat | kernel | 2.4.20-8 | cpe:2.3:a:redhat:kernel:2.4.20-8:*:i586:*:*:*:*:* |
redhat | kernel | 2.4.20-8 | cpe:2.3:a:redhat:kernel:2.4.20-8:*:i586_smp:*:*:*:*:* |
marc.info/?l=bugtraq&m=108802653409053&w=2
secunia.com/advisories/11936
www.ciac.org/ciac/bulletins/p-047.shtml
www.redhat.com/support/errata/RHSA-2004-549.html
www.redhat.com/support/errata/RHSA-2005-283.html
www.securityfocus.com/bid/10599
exchange.xforce.ibmcloud.com/vulnerabilities/16459
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9773