CVE-2005-2459

CVSS V2 Medium 5 CVSS V3 None

Description

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.

Overview

CVE ID
CVE-2005-2459

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2005-08-23T04:00:00

Last Modified Date
2018-10-19T15:32:56

Weakness Enumerations

CWE	URL
CWE-476	http://cwe.mitre.org/data/definitions/476.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test10::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test11::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test3::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test4::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test5::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test6::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test7::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test8::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:test9::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.1:rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.1:rc2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.6:rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.7:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.7:rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8:rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8:rc2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8:rc3::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::386:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::686:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::686_smp:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::amd64:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::amd64_k8:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::amd64_k8_smp:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::amd64_xeon:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::k7:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::k7_smp:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::power3:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::power3_smp:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::power4:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::power4_smp:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::powerpc:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::powerpc_smp:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.10:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.10:rc2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11:rc2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11:rc3::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11:rc4::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.7:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.8:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11_rc1_bk6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12:rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:::::::*	1	OR
cpe:2.3:o:debian:debian_linux:3.1:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

References

Reference URL	Reference Tags
http://bugs.gentoo.org/show_bug.cgi?id=94584	Third Party Advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5	Vendor Advisory
http://secunia.com/advisories/16355/	Permissions Required Third Party Advisory
http://secunia.com/advisories/16500	Permissions Required Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_50_kernel.html	Broken Link
http://www.debian.org/security/2005/dsa-922	Third Party Advisory
http://www.securityfocus.com/bid/14720	Third Party Advisory VDB Entry
http://www.debian.org/security/2005/dsa-921	Third Party Advisory
http://secunia.com/advisories/17918	Permissions Required Third Party Advisory
http://secunia.com/advisories/18056	Permissions Required Third Party Advisory
http://secunia.com/advisories/18059	Permissions Required Third Party Advisory
http://secunia.com/advisories/17826	Permissions Required Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
https://usn.ubuntu.com/169-1/
http://www.securityfocus.com/archive/1/419522/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2005-2459
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:05:18				Added to TrackCVE