{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<p>Linux 2.4.22 et versions ant\u00e9rieures.</p>","content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans la fonction do_brk() du noyau Linux\n(contr\u00f4le incorrect de l'adresse haute de la zone m\u00e9moire dynamique\n(TAS) du processus).\n\n  \nUn utilisateur mal intentionn\u00e9 peut exploiter cette vuln\u00e9rabilit\u00e9 afin\nd'obtenir les privil\u00e8ges du super-utilisateur root ou r\u00e9aliser un d\u00e9ni\nde service par arr\u00eat brutal du syst\u00e8me.\n\n## Solution\n\nLa version 2.4.23 du noyau Linux corrige cette vuln\u00e9rabilit\u00e9.\n","cves":[],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 SuSE-SA:2003:049 de SuSE :","url":"http://www.suse.com/de/security/2003_049_kernel.html"},{"title":"Sources du noyau Linux :","url":"http://www.kernel.org"},{"title":"Bulletin de s\u00e9curit\u00e9 GLSA 200312-02 de Gentoo :","url":"http://www.securityfocus.com/advisories/6143"}],"reference":"CERTA-2003-AVI-204","revisions":[{"description":"version initiale.","revision_date":"2003-12-02T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rences aux bulletins de SuSE et Gentoo.","revision_date":"2003-12-05T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 du noyau Linux","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 MDKSA-2003:110 de Mandrake","url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:110"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 DSA-403 de Debian","url":"http://www.debian.org/security/2003/dsa-403"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 RHSA-2003:392 de Red Hat","url":"http://rhn.redhat.com/errata/RHSA-2003-392.html"}]}