Linux Kernel up to 2.6.12 inflate.c huft_build null pointer dereference

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Linux Kernel and classified as problematic. The impacted element is the function huft_build of the file inflate.c. The manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2005-2459. There is no exploit available.
The affected component should be upgraded.
Details
A vulnerability was found in Linux Kernel (Operating System). It has been rated as problematic. This issue affects the function huft_build of the file inflate.c. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability. The summary by CVE is:
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerbility than CVE-2005-2458.
The bug was discovered 08/19/2005. The weakness was shared 08/23/2005 with Gentoo (Website). It is possible to read the advisory at secunia.com. The identification of this vulnerability is CVE-2005-2459 since 08/05/2005. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability was handled as a non-public zero-day exploit for at least 614 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 22787 (Debian DSA-921-1 : kernel-source-2.4.27 - several vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and running in the context l.
Upgrading to version 2.6.12.5 eliminates this vulnerability. A possible mitigation has been published 5 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (22170), Tenable (22787), SecurityFocus (BID 14720†), OSVDB (19028†) and Secunia (SA16355†). The entries VDB-1688, VDB-1686, VDB-26098 and VDB-26097 are related to this item. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
- 2.6 Test9 Cvs
- 2.6.0
- 2.6.1
- 2.6.2
- 2.6.3
- 2.6.4
- 2.6.5
- 2.6.6
- 2.6.7
- 2.6.8
- 2.6.8.1
- 2.6.8.1.5
- 2.6.9
- 2.6.10
- 2.6.11
- 2.6.11 Rc1 Bk6
- 2.6.11.1
- 2.6.11.2
- 2.6.11.3
- 2.6.11.4
- 2.6.11.5
- 2.6.11.6
- 2.6.11.7
- 2.6.11.8
- 2.6.12
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 22787
Nessus Name: Debian DSA-921-1 : kernel-source-2.4.27 - several vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 56013
OpenVAS Name: Debian Security Advisory DSA 921-1 (kernel-source-2.4.27)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Kernel 2.6.12.5
Timeline
12/18/2003 🔍08/05/2005 🔍
08/19/2005 🔍
08/19/2005 🔍
08/23/2005 🔍
08/23/2005 🔍
09/01/2005 🔍
12/14/2005 🔍
10/14/2006 🔍
01/02/2008 🔍
03/11/2015 🔍
08/02/2019 🔍
Sources
Vendor: kernel.orgAdvisory: secunia.com⛔
Organization: Gentoo
Status: Not defined
Confirmation: 🔍
CVE: CVE-2005-2459 (🔍)
GCVE (CVE): GCVE-0-2005-2459
GCVE (VulDB): GCVE-100-26099
X-Force: 22170
SecurityFocus: 14720 - Linux Kernel ZLib Local Null Pointer Dereference Denial of Service Vulnerability
Secunia: 16355
OSVDB: 19028 - Linux Kernel - ZLib Local Null Pointer Dereference Denial of Service Issue
Vulnerability Center: 17256 - Linux Kernel < 2.6.12.5 huft_build Function in inflate.c in the zlib Routines Allows Remote DoS, High
See also: 🔍
Entry
Created: 03/11/2015 23:39Updated: 08/02/2019 16:34
Changes: 03/11/2015 23:39 (77), 08/02/2019 16:34 (7)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.