CVE-2005-2872 Information

Description

The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12 when running on 64-bit processors such as AMD64 allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force which leads to memset calls using a length based on the u_int32_t type acting on an array of unsigned long elements a different vulnerability than CVE-2005-2873.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237 http://secunia.com/advisories/17073 http://secunia.com/advisories/17826 http://secunia.com/advisories/17918 http://secunia.com/advisories/18056 http://secunia.com/advisories/18059 http://www.debian.org/security/2005/dsa-921 http://www.debian.org/security/2005/dsa-922 http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2 http://www.mandriva.com/security/advisories?name=MDKSA-2005:219 http://www.mandriva.com/security/advisories?name=MDKSA-2005:220 http://www.redhat.com/support/errata/RHSA-2005-514.html http://www.securityfocus.com/archive/1/419522/100/0/threaded http://www.securityfocus.com/archive/1/427980/100/0/threaded http://www.securityfocus.com/bid/14791 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11394