CVE-2005-4605

Linux Kernel < 2.6.15 - Information Disclosure via Signed-Unsigned Integer Overflow in ProcFS


Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4605. PoCs published by Jon Oberheide.

AI-analyzed exploit summary: This exploit leverages a signed/unsigned integer overflow in Linux Kernel's procfs to read sensitive kernel memory by seeking to a large offset in /proc/uptime. It demonstrates an information disclosure vulnerability in kernels before 2.6.15.

Description

The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jon Oberheide · c · local · linux
https://www.exploit-db.com/exploits/9363

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Linux Kernel < 2.6.15
No auth needed
Prerequisites: Access to a vulnerable Linux system with /proc mounted
devstral-2 · analyzed Feb 16, 2026

References (22)

Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:040
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0101.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23811
Third Party Advisory, VDB Entry vendor-advisory x_refsource_fedora
http://www.securityfocus.com/archive/1/427981/100/0/threaded
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=113535380422339&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18788
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19038
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11747
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16284
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_06_kernel.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18510
Various Sources vendor-advisory x_refsource_suse
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18351
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18216
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1017
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/244-1/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18527
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19374

Scores

EPSS 0.0102
EPSS Percentile 58.9%

Details

Status published
Products (3)
linux/linux_kernel 2.6.14 rc1 (4 CPE variants)
linux/linux_kernel 2.6.14.3
linux/linux_kernel 2.6.15 rc1 (2 CPE variants)
Published Dec 31, 2005
Tracked Since Feb 18, 2026