CVE-2005-1263
Published 2005-05-11
Priority: P3 · 35 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.77% (75.4th percentile)
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
Affected
74 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
CVSS provenance
nvd · v2.0 · 7.2 · HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 7.2 · HIGH
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2005-05-23
CVE-2005-1368 Linux kernel vulnerabilities
Colin Percival discovered an information disclosure in the "Hyper
Threading Technology" architecture in processors which are capable of
simultaneous multithreading (in particular Intel Pentium 4, Intel
Mobile Pentium 4, and Intel Xeon processors). This allows a malicious
thread to monitor the execution of another thread on the same CPU.
This could be exploited to steal cryptographic keys, passwords, or
other arbitrary data from unrelated processes. Since it is not
possible to provide a safe patch in a short time, HyperThreading has
been disabled in the updated kernel packages for now. You can manually
enable HyperThreading again by passing the kernel parameter "ht=on" at
boot. (CAN-2005-0109)
A Denial of Service v
Red Hat
security flaw
vendor_redhat·2005-05-11·CVSS 7.2
CVE-2005-1263 [HIGH] security flaw
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
GHSA
GHSA-jr5h-gxvq-3v3w: The elf_core_dump function in binfmt_elf
ghsa_unreviewed·2022-05-03
CVE-2005-1263 [HIGH] GHSA-jr5h-gxvq-3v3w: The elf_core_dump function in binfmt_elf
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
No detection rules found.
Bugzilla
CVE-2005-1263 security flaw
bugzilla·2018-08-16·CVSS 7.2
CVE-2005-1263 [HIGH] CVE-2005-1263 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
Bugzilla
CVE-2005-1263 Linux kernel ELF core dump crash vulnerability
bugzilla·2005-05-11·CVSS 7.2
CVE-2005-1263 [HIGH] CVE-2005-1263 Linux kernel ELF core dump crash vulnerability
"A locally exploitable flaw has been found in the Linux ELF binary format
loader's core dump function that allows local users to gain root
privileges and also execute arbitrary code at kernel privilege level."
For the full description see
http://www.securityfocus.com/archive/1/397966/2005-05-08/2005-05-14/0
For the proposed patch see bug #157450 (not backported)
Discussion:
Associated RHEL4 bug is 157450.
---
Note that RHEL3 (and I believe other RHEL versions) are *not* vulnerable
to privilege escalations because kernels crash when there is an oops.
I have reproduced the crash on RHEL3. Revised shell archive is in elfbug.sh
(in ~petrides/tests/elfbug.sh).
---
Patch posted for review on 11-May-2005.
---
Note that a suc
Bugzilla
Multiple Kernel vulnerabilities
bugzilla·2005-05-11
[MEDIUM] Multiple Kernel vulnerabilities
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Mozilla rulez!)
Description of problem:
Paul Starzetz of iSEC has found yet another bug in binfmt_elf.c. It can be abused to crash the kernel, perhaps even to break into the kernel land. See the advisory for details.
Version-Release number of selected component (if applicable):
How reproducible:
Didn't try
Steps to Reproduce:
Additional info:
I've got a quick and dirty patch. I'll submit it ASAP.
Discussion:
Grr...Bugzilla assigned the bug to [email protected] rather than to
[email protected]
---
Created attachment 114264
The patch for CAN-2005-1263
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch can be applied to FL kernel 2.4.20-43:
402e548b02382c015d6f5e5704370a1ba546598b
li
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
http://secunia.com/advisories/19185
http://secunia.com/advisories/19607
http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
http://www.redhat.com/support/errata/RHSA-2005-472.html
http://www.redhat.com/support/errata/RHSA-2005-529.html
http://www.redhat.com/support/errata/RHSA-2005-551.html
http://www.securityfocus.com/archive/1/397966
http://www.securityfocus.com/archive/1/427980/100/0/threaded
http://www.securityfocus.com/archive/1/428028/100/0/threaded
http://www.securityfocus.com/archive/1/428058/100/0/threaded
http://www.securityfocus.com/bid/13589
http://www.vupen.com/english/advisories/2005/0524
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10909
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1122