{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/09/17/9"}, {"name": "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/09/17/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8"}, {"name": "37084", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37084"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1"}, {"name": "RHSA-2009:1522", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1522.html"}, {"name": "37909", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37909"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=3408cce0c2f380884070896420ca566704452fb5"}, {"name": "oval:org.mitre.oval:def:11744", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521601"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a47077a0b5aa2649751c46e7a27884e6686ccbf"}, {"name": "SUSE-SA:2009:064", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"}, {"name": "[bk-commits-head] 20050629 [NETLINK]: Missing initializations in dumped data", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=git-commits-head&m=112002138324380"}, {"name": "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/2"}, {"name": "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/09/07/2"}, {"name": "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/09/05/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=0f3f2328f63c521fe4b435f148687452f98b2349"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b3563c4fbff906991a1b4ef4609f99cca2a0de6a"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4881", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/09/17/9"}, {"name": "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/09/17/1"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8"}, {"name": "37084", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37084"}, {"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1"}, {"name": "RHSA-2009:1522", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1522.html"}, {"name": "37909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37909"}, {"name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5"}, {"name": "oval:org.mitre.oval:def:11744", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=521601", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521601"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf"}, {"name": "SUSE-SA:2009:064", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"}, {"name": "[bk-commits-head] 20050629 [NETLINK]: Missing initializations in dumped data", "refsource": "MLIST", "url": "http://marc.info/?l=git-commits-head&m=112002138324380"}, {"name": "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/09/06/2"}, {"name": "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/09/07/2"}, {"name": "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/09/05/2"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:01:23.398Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/09/17/9"}, {"name": "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/09/17/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8"}, {"name": "37084", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37084"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1"}, {"name": "RHSA-2009:1522", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1522.html"}, {"name": "37909", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37909"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=3408cce0c2f380884070896420ca566704452fb5"}, {"name": "oval:org.mitre.oval:def:11744", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521601"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a47077a0b5aa2649751c46e7a27884e6686ccbf"}, {"name": "SUSE-SA:2009:064", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"}, {"name": "[bk-commits-head] 20050629 [NETLINK]: Missing initializations in dumped data", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=git-commits-head&m=112002138324380"}, {"name": "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/2"}, {"name": "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/09/07/2"}, {"name": "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/09/05/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=0f3f2328f63c521fe4b435f148687452f98b2349"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b3563c4fbff906991a1b4ef4609f99cca2a0de6a"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4881", "datePublished": "2009-10-19T19:27:00", "dateReserved": "2009-09-16T00:00:00", "dateUpdated": "2024-08-08T00:01:23.398Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "55B85D5B-4EA1-4FCF-8D50-9C54E8FDA92F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "01408EC0-9C2D-4A44-8080-D7FC7E1A1FA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F49A384-7222-41F3-9BE1-4E18C00E50A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "05520FE3-C48D-42E8-BC24-C2396BD46CBA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "D865FBB6-E07D-492F-A75E-168B06C8ADEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "598F24C2-0366-4799-865C-5EE4572B734B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "D0399660-6385-45AB-9785-E504D8788146", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DCBC50EA-130C-41B7-83EA-C523B3C3AAD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B91F6CBE-400F-4D0B-B893-34577B47A342", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "1548ECFD-FCB5-4AE0-9788-42F61F25489F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "6ABB9787-5497-4BDC-8952-F99CF60A89BD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "615F6BA2-CD51-4159-B28A-A018CA9FC25C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "093848CB-68A1-4258-8357-373A477FE4E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "E275F440-A427-465F-B314-BF0730C781DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "98651D39-60CF-409F-8276-DBBB56B972AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "067B8E09-C923-4DDA-92DB-4A2892CB526A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "9EBE3738-E530-4EC6-9FC6-1A063605BE05", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "474384F1-FB2D-4C00-A4CD-0C2C5AE42DB4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "F677E992-8D37-438F-97DF-9D98B28F020C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "476687F9-722B-490C-BD0B-B5F2CD7891DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "A399D94B-D08D-4454-A07A-6634C9AE612F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "9336ABDF-9928-49F6-BAA7-D6E9829F9B1F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "BB45C3B2-0F5D-4AE2-AE00-E1D6501E8D92", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "040991B8-FB4B-480B-B53B-AA7A884F9F19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "59688C40-C92F-431E-ADD7-6782622862D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "D813900D-DCF3-4F5D-9D90-13EDE2CBB3DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "6E4C7831-0296-4DFA-A4E9-F7B6B30FFB72", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.27:*:-pre1:*:*:*:*:*", "matchCriteriaId": "ABF7B810-A31F-4CF4-B79A-94FEB32FFA22", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.27:*:-pre2:*:*:*:*:*", "matchCriteriaId": "E570983E-3FEC-4088-B060-6095BFB7CD88", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.27:*:-pre3:*:*:*:*:*", "matchCriteriaId": "365CADA0-6FC8-424C-8B1C-62ECCC0650E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.27:*:-pre4:*:*:*:*:*", "matchCriteriaId": "40EFDC05-BABC-491D-AC13-0ACA7A0CB5CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.27:*:-pre5:*:*:*:*:*", "matchCriteriaId": "79CFAD9A-FFE9-475E-98D0-9BFF1EC38AED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "E120257D-346B-4BA6-A431-E6F820FBB5FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "361D407D-A4BE-491D-BC8E-32E78DC4A8F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "A3CD7983-4EB2-4D17-9332-493ECBADC284", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.30:rc2:*:*:*:*:*:*", "matchCriteriaId": "AAB7E049-4B49-4FB5-815B-39CEAEDE6ACC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.30:rc3:*:*:*:*:*:*", "matchCriteriaId": "637A08D0-E382-4DE8-AEEC-6A53A72849B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.31:*:*:*:*:*:*:*", "matchCriteriaId": "550DFE6E-DCE6-4649-8746-522996021DBA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.32:*:*:*:*:*:*:*", "matchCriteriaId": "E17BB496-749A-40C8-BAA9-6CFBBE308065", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.33:*:*:*:*:*:*:*", "matchCriteriaId": "0C30F255-1297-46EA-9FBC-05564792FF65", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.33.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1757C19-B231-423F-95E9-F9DF1D76FC43", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.33.2:*:*:*:*:*:*:*", "matchCriteriaId": "934CBC22-864C-468F-B267-3CDE4449DA9E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.33.3:*:*:*:*:*:*:*", "matchCriteriaId": "2AC432E3-7214-4B61-A666-2DAF5CCAEC52", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.33.4:*:*:*:*:*:*:*", "matchCriteriaId": "7682650A-8332-484D-874F-2B67246880B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.33.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DFF499A-6602-4BD3-90B5-E6C4AC888812", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.33.7:*:*:*:*:*:*:*", "matchCriteriaId": "843F73D0-2296-45E7-B5D7-BC8C63A8D99F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.34:*:*:*:*:*:*:*", "matchCriteriaId": "0C406D55-D6CF-443B-B5DB-FC69FBEA01D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.34.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C53EDB2-923D-4860-8251-9A07C9F8FDB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.34.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E2A5D6B-7011-40AE-8A94-02B062B19010", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.34.3:*:*:*:*:*:*:*", "matchCriteriaId": "E283E518-3A3E-4D39-B11F-E4B71D6ADF90", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.34.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB58C532-186F-4C1F-A107-1BF17C19AA15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.34.5:*:*:*:*:*:*:*", "matchCriteriaId": "4A31F446-FB7E-4D6C-8703-0A730E2C71AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.34.6:*:*:*:*:*:*:*", "matchCriteriaId": "52BA2E08-09BC-4EE4-822E-0F6FEF92E721", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "97AA815F-E07C-4989-B190-D5E52451D0BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.35.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFFCA2ED-2384-4DB7-9634-AEAEDFF57817", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.35.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C171597-F06E-48BA-A897-E753ECBEE68C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.35.4:*:*:*:*:*:*:*", "matchCriteriaId": "99E0D1AD-E8B0-4125-BCA7-8487D9490EBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.35.5:*:*:*:*:*:*:*", "matchCriteriaId": "F99F78D3-A2FA-4033-8E21-FE3FFCE9D94B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA39D4CE-22F0-46A2-B8CF-4599675E7D3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDD00664-A27C-4514-A2A4-079E8F9B0251", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "E336C792-B7A1-4318-8050-DE9F03474CEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*", "matchCriteriaId": "7228AE50-BACB-4AB8-9CE5-17DB0CD661AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*", "matchCriteriaId": "D6D260FD-E55E-4A95-AB7F-B880DBE37BAD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*", "matchCriteriaId": "E36D0159-1A05-4628-9C1C-360DED0F438C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*", "matchCriteriaId": "3E6654B9-42EB-4C2C-8F71-710D50556180", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.7:*:*:*:*:*:*:*", "matchCriteriaId": "086E5B7B-A31B-44A1-92CF-D88E118545D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAC24F28-2C48-43D7-B8FB-7DCF499C9627", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.9:*:*:*:*:*:*:*", "matchCriteriaId": "76B549FD-5315-4DB1-8A3B-76B2E28DDDBE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.37:*:*:*:*:*:*:*", "matchCriteriaId": "4E506CC5-BB82-423E-A99A-F77A4C8CA26B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.37.1:*:*:*:*:*:*:*", "matchCriteriaId": "B075A26C-356F-41A5-A2AB-4AB130F4B503", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.37.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BE7521F-BC6A-470A-AF3D-36E9243330E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.37.3:*:*:*:*:*:*:*", "matchCriteriaId": "37E510D6-5ED5-4EF8-BEFB-B84FDCF44F5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.37.4:*:*:*:*:*:*:*", "matchCriteriaId": "9E6FEE93-0FCB-4289-9F76-540A1E48950F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.37.5:*:*:*:*:*:*:*", "matchCriteriaId": "08A8E327-3DFD-4109-93EB-23A5C12ED933", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "142BCD48-8387-4D0C-A052-44DD4144CBFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8220D81-9065-471F-9256-CFE7B9941555", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "2CDE1E92-C64D-4A3B-95A2-384BD772B28B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "9D90502F-EC45-4ADC-9428-B94346DA660B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CD39A7A-9172-4B85-B8FE-CEB94207A897", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "35F5C369-6BFB-445F-AA8B-6F6FA7C33EF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "81DE32C2-5B07-4812-9F88-000F5FB000C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "02EED3D5-8F89-4B7F-A34B-52274B1A754F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "5F87AA89-F377-4BEB-B69F-809F5DA6176C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "C27AF62E-A026-43E9-89E6-CD807CE9DF51", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "79C2AE0E-DAE8-4443-B33F-6ABA9019AA88", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "D343B121-C007-49F8-9DE8-AA05CE58FF0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "7936B7EE-9CD1-4698-AD67-C619D0171A88", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "A1A2AA2D-5183-4C49-A59D-AEB7D9B5A69E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*", "matchCriteriaId": "3A0370A2-0A23-4E34-A2AC-8D87D051B0B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "5738D628-0B2D-4F56-9427-2009BFCB6C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F43EBCB4-FCF4-479A-A44D-D913F7F09C77", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C7BF3B2-CCD1-4D39-AE9C-AB24ABA57447", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "860F9225-8A3F-492C-B72B-5EFFB322802C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "19DFB4EF-EA1F-4680-9D97-2FDFAA4B4A25", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "57E23724-2CA4-4211-BB83-38661BE7E6AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "B0688B3F-F8F2-4C62-B7A3-08F9FDCE7A70", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "3896C4A6-C2F6-47CE-818A-7EB3DBF15BC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions."}, {"lang": "es", "value": "El subsistema netlink del kernel de Linux v2.4.x anteriores a la v2.4.37.6 y v2.6.x anteriores a la v2.6.13-rc1 no inicializa unos determinados campos de relleno de estructuras; lo que permite a usuarios locales obtener informaci\u00f3n confidencial de la memoria del kernel a trav\u00e9s de vectores de ataque sin especificar, relacionados con las funciones (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, y (23) cbq_dump_ovl."}], "id": "CVE-2005-4881", "lastModified": "2024-11-21T00:05:24.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-10-19T20:00:00.420", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=0f3f2328f63c521fe4b435f148687452f98b2349"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=3408cce0c2f380884070896420ca566704452fb5"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a47077a0b5aa2649751c46e7a27884e6686ccbf"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b3563c4fbff906991a1b4ef4609f99cca2a0de6a"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://marc.info/?l=git-commits-head&m=112002138324380"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/37084"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/37909"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/05/2"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/2"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/07/2"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/17/1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/17/9"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1522.html"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521601"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=0f3f2328f63c521fe4b435f148687452f98b2349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=3408cce0c2f380884070896420ca566704452fb5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a47077a0b5aa2649751c46e7a27884e6686ccbf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b3563c4fbff906991a1b4ef4609f99cca2a0de6a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://marc.info/?l=git-commits-head&m=112002138324380"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/05/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/07/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/17/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2009/09/17/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1522.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2005-4881\n\nThis issue has been rated as having moderate security impact. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, and Red Hat Enterprise MRG. It affects Red Hat Enterprise Linux 3, and 4.\n\nIt was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2009-1522.html\n\nThis issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed.\n\nFor further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/", "lastModified": "2009-10-22T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1522", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "kernel-0:2.6.9-89.0.15.EL", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-10-22T00:00:00Z"}], "bugzilla": {"description": "kernel: netlink: fix numerous padding memleaks", "id": "521601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521601"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions."], "name": "CVE-2005-4881", "public_date": "2005-06-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2005-4881\nhttps://nvd.nist.gov/vuln/detail/CVE-2005-4881"], "statement": "This issue has been rated as having moderate security impact. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, and Red Hat Enterprise MRG. It affects Red Hat Enterprise Linux 3, and 4.\nThis issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed.\nFor further information about Errata Support Policy, visit: https://access.redhat.com/support/policy/updates/errata/", "threat_severity": "Moderate"}