CVE-2005-0736
Published: 2005-03-09
CVE-2005-0736: Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
Priority: P416 · low · CVSS 2.0 base score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploit: public exploit available
EPSS: 2.09% (79.3rd percentile)
Affected (17 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| conectiva | linux | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | fedora_core | — | — |
| redhat | fedora_core | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 2.1 | LOW | — |
Ubuntu: Linux kernel vulnerabilities (vendor_ubuntu · 2005-03-15; advisory indexed under CVE-2005-0384)
A remote Denial of Service vulnerability was discovered in the
Netfilter IP packet handler. This allowed a remote attacker to crash
the machine by sending specially crafted IP packet fragments.
(CAN-2005-0209)
The Netfilter code also contained a memory leak. Certain locally
generated packet fragments are reassembled twice, which caused a
double allocation of a data structure. This could be locally exploited
to crash the machine due to kernel memory exhaustion. (CAN-2005-0210)
Ben Martel and Stephen Blackheath found a remote Denial of Service
vulnerability in the PPP driver. This allowed a malicious pppd client
to crash the server machine. (CAN-2005-0384)
Georgi Guninski discovered a buffer overflow in the ATM dr
Red Hat: security flaw (vendor_redhat · 2005-03-09 · CVSS 2.1; CVE-2005-0736, severity LOW)
GHSA: GHSA-3279-jg8p-4jv6: Integer overflow in sys_epoll_wait in eventpoll (ghsa_unreviewed · 2022-05-01; CVE-2005-0736, severity LOW)
No detection rules found.
Exploit-DB: Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (exploitdb · 2005-12-30; CVE-2005-0736)
```c
Linux Kernel 2.6.9
 *
 *
 * Modified 2005/9 by alert7
 * XFOCUS Security Team http://www.xfocus.org
 *
 * gcc -o k-rad3 k-rad3.c -static -O2
 *
 * tested succeed :
 * on default installed RHEL4(2.6.9-5.EL and 2.6.9-5.ELsmp)
 * 2.6.9-5.EL ./k-rad3 -p 2
 * 2.6.9-5.ELsmp ./k-rad3 -a -p 7
 * on default installed maglic linux 1.2
 * MagicLinux 2.6.9 #1 ./k-rad3 -t 1 -p 2
 *
 * thank watercloud tested maglic linux 1.2
 * thank eist provide RHEL4 to test
 * thank sd share his stuff.
 * thank xfocus & xfocus's firends
 *
 *
 * TODO:
 * CASE 1: use stack > 0xc0000000
 * CASE 2: CONFIG_X86_PAE define ,but cpu flag no pse
 *
 *[alert7@MagicLinux ~]$ ./k-rad3 -h
 *[ k-rad3 - ]
 *[ Modified 2005/9 by alert7 ]
 *
 *Usage: ./k-rad3
 * -s forced cpu flag pse
 * -a define CONFIG_X86_PAE,default none
 * -e have two kernel code,default 0
 *
```
Exploit-DB: Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1) (exploitdb · 2005-03-09; CVE-2005-0736)

---
```c
/*
EDB Note: Updated exploit can be found here; https://www.exploit-db.com/exploits/25203/
source: https://www.securityfocus.com/bid/12763/info
A Local integer overflow vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to properly handle user-supplied size values.
An attacker may leverage this issue to overwrite low kernel memory. This may potentially facilitate privilege escalation.
*/
/*
 * k-rad.c - linux 2.6.11 and below CPL 0 kernel exploit v2
 * Discovered and exploit coded Jan 2005 by sd
 *
 * In memory of pwned.c (uselib)
 *
 * - Redistributions of source code is not permitted.
 * - Redistributions in the binary form is not permitted.
 * - Redi
```
References

- http://linux.bkbits.net:8080/linux-2.6/cset%40422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html%7CChangeSet%40-1d
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html
- http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- http://www.redhat.com/support/errata/RHSA-2005-293.html
- http://www.redhat.com/support/errata/RHSA-2005-366.html
- http://www.securityfocus.com/bid/12763
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9870
- https://usn.ubuntu.com/95-1/

Published: 2005-03-09