Contents of /retired/CVE-2005-0179

Candidate: CVE-2005-0179
References: 
 http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
 http://www.redhat.com/support/errata/RHSA-2005-092.html
Description: 
 Linux kernel 2.4.x and 2.6.x allows local users to cause a denial
 of service (CPU and memory  consumption) and bypass RLIM_MEMLOCK
 limits via the mlockall call.
Notes: 
 jmm> The vulnerable code was only introduced in 2.6.9
 dannf> I believe this is fixed in:
  http://linux.bkbits.net:8080/linux-2.6/cset@41e2d63eQyYc3q3MPkKLhEktFoqfUw?nav=index.html|src/|src/mm|related/mm/mmap.c
 dannf> and since that was in 2.6.11, i'll mark upstream as such
Bugs: 
upstream: released (2.6.11)
linux-2.6.16: N/A
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
1	Candidate: CVE-2005-0179
2	References:
3	http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
4	http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
5	http://www.redhat.com/support/errata/RHSA-2005-092.html
6	Description:
7	Linux kernel 2.4.x and 2.6.x allows local users to cause a denial
8	of service (CPU and memory consumption) and bypass RLIM_MEMLOCK
9	limits via the mlockall call.
10	Notes:
11	jmm> The vulnerable code was only introduced in 2.6.9
12	dannf> I believe this is fixed in:
13	http://linux.bkbits.net:8080/linux-2.6/cset@41e2d63eQyYc3q3MPkKLhEktFoqfUw?nav=index.html\|src/\|src/mm\|related/mm/mmap.c
14	dannf> and since that was in 2.6.11, i'll mark upstream as such
15	Bugs:
16	upstream: released (2.6.11)
17	linux-2.6.16: N/A
18	linux-2.6: N/A
19	2.6.8-sarge-security: N/A
20	2.4.27-sarge-security: N/A