CVE-2005-3857
published 2005-11-27CVE-2005-3857: The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by…
PriorityP415medium4.9CVSS 2.0
AVLACLAuNCNINAC
EXPLOIT
EPSS
0.84%
53.2th percentile
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.
Affected
48 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.15 | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat4.9MEDIUM
vendor_ubuntu4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2005-12-23·CVSS 4.6
CVE-2005-3257 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
Rudolf Polzer reported an abuse of the 'loadkeys' command. By
redefining one or more keys and tricking another user (like root) into
logging in on a text console and typing something that involves the
redefined keys, a local user could cause execution of arbitrary
commands with the privileges of the target user. The updated kernel
restricts the usage of 'loadkeys' to root. (CVE-2005-3257)
The ptrace() system call did not correctly check whether a process
tried to attach to itself. A local attacker could exploit this to
cause a kernel crash. (CVE-2005-3783)
A Denial of Service vulnerability was found in the handler that
automatically cleans up and terminates child processes that are not
correctly handled by their
Red Hat
security flaw
vendor_redhat·2005-11-13·CVSS 4.9
CVE-2005-3857 [MEDIUM] security flaw
security flaw
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.
GHSA
GHSA-jvfg-x6v5-pmcq: The time_out_leases function in locks
ghsa_unreviewed·2022-05-03
CVE-2005-3857 [MEDIUM] GHSA-jvfg-x6v5-pmcq: The time_out_leases function in locks
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.
No detection rules found.
Bugzilla
CVE-2005-3857 security flaw
bugzilla·2018-08-16·CVSS 4.9
CVE-2005-3857 [MEDIUM] CVE-2005-3857 security flaw
CVE-2005-3857 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.
Bugzilla
[RHEL4] CVE-2005-3857 lease printk DoS
bugzilla·2005-11-28·CVSS 4.9
CVE-2005-3857 [MEDIUM] [RHEL4] CVE-2005-3857 lease printk DoS
[RHEL4] CVE-2005-3857 lease printk DoS
CVE-2005-3857 lease DoS
The time_out_leases function in locks.c for Linux kernel
before 2.6.15 allows local users to cause a denial of service
(kernel log message consumption) by causing a large number of
broken leases, which is recorded to the log using the printk
function.
fix (remove printk):
http://linux.bkbits.net:8080/linux-2.6/cset@437a05c4iitlvmAoQbx7eisMxOEosw
thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113175851920568&w=2
Listing as moderate, but may be updated to important based on kernel team
investigation.
Discussion:
Created attachment 121910
Proposed patch
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For m
Bugzilla
CVE-2005-3857 lease printk DoS
bugzilla·2005-11-28·CVSS 4.9
CVE-2005-3857 [MEDIUM] CVE-2005-3857 lease printk DoS
CVE-2005-3857 lease printk DoS
+++ This bug was initially created as a clone of Bug #174337 +++
CVE-2005-3857 lease DoS
The time_out_leases function in locks.c for Linux kernel
before 2.6.15 allows local users to cause a denial of service
(kernel log message consumption) by causing a large number of
broken leases, which is recorded to the log using the printk
function.
fix (remove printk):
http://linux.bkbits.net:8080/linux-2.6/cset@437a05c4iitlvmAoQbx7eisMxOEosw
thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113175851920568&w=2
Listing as moderate, but may be updated to important based on kernel team
investigation.
Discussion:
Created attachment 121911
Proposed patch
---
A fix for this problem has just been committed to the RHEL3 E7
patch pool this evening (in kernel vers
Bugzilla
Multiple Kernel vulnerabilities
bugzilla·2005-05-11
[MEDIUM] Multiple Kernel vulnerabilities
Multiple Kernel vulnerabilities
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Mozilla rulez!)
Description of problem:
Paul Starzetz of iSEC has found yet another bug in binfmt_elf.c. It can be abused to crash the kernel, perhaps even to break into the kernel land. See the advisory for details.
Version-Release number of selected component (if applicable):
How reproducible:
Didn't try
Steps to Reproduce:
Additional info:
I've got a quick and dirty patch. I'll submit it ASAP.
Discussion:
Grr...Bugzilla assigned the bug to [email protected] rather than to
[email protected]
---
Created attachment 114264
The patch for CAN-2005-1263
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch can be applied to FL kernel 2.4.20-43:
402e548b02382c015d6f5e5704370a1ba546598b
li
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-Uhttp://marc.info/?l=linux-kernel&m=113175851920568&w=2http://marc.info/?l=linux-kernel&m=113190437101622&w=2http://secunia.com/advisories/17786http://secunia.com/advisories/17787http://secunia.com/advisories/18203http://secunia.com/advisories/18510http://secunia.com/advisories/18562http://secunia.com/advisories/19369http://secunia.com/advisories/19374http://secunia.com/advisories/19607http://www.debian.org/security/2006/dsa-1017http://www.debian.org/security/2006/dsa-1018http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ed0175a462c4c30f6df6fac1cccac058f997739http://www.mandriva.com/security/advisories?name=MDKSA-2006:072http://www.redhat.com/support/errata/RHSA-2006-0101.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0140.htmlhttp://www.securityfocus.com/archive/1/427981/100/0/threadedhttp://www.securityfocus.com/archive/1/428028/100/0/threadedhttp://www.securityfocus.com/archive/1/428058/100/0/threadedhttp://www.securityfocus.com/bid/15627http://www.trustix.org/errata/2005/0070http://www.vupen.com/english/advisories/2005/2649https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174337https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9727https://usn.ubuntu.com/231-1/ftp://patches.sgi.com/support/free/security/advisories/20060402-01-Uhttp://marc.info/?l=linux-kernel&m=113175851920568&w=2http://marc.info/?l=linux-kernel&m=113190437101622&w=2http://secunia.com/advisories/17786http://secunia.com/advisories/17787http://secunia.com/advisories/18203http://secunia.com/advisories/18510http://secunia.com/advisories/18562http://secunia.com/advisories/19369http://secunia.com/advisories/19374http://secunia.com/advisories/19607http://www.debian.org/security/2006/dsa-1017http://www.debian.org/security/2006/dsa-1018http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ed0175a462c4c30f6df6fac1cccac058f997739http://www.mandriva.com/security/advisories?name=MDKSA-2006:072http://www.redhat.com/support/errata/RHSA-2006-0101.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0140.htmlhttp://www.securityfocus.com/archive/1/427981/100/0/threadedhttp://www.securityfocus.com/archive/1/428028/100/0/threadedhttp://www.securityfocus.com/archive/1/428058/100/0/threadedhttp://www.securityfocus.com/bid/15627http://www.trustix.org/errata/2005/0070http://www.vupen.com/english/advisories/2005/2649https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174337https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9727https://usn.ubuntu.com/231-1/
2005-11-27
Published