CVE-2004-0109

MEDIUM

Description

Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.

References

ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc

ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

http://marc.info/?l=bugtraq&m=108213675028441&w=2

http://rhn.redhat.com/errata/RHSA-2004-166.html

http://secunia.com/advisories/11361

http://secunia.com/advisories/11362

http://secunia.com/advisories/11373

http://secunia.com/advisories/11429

http://secunia.com/advisories/11464

http://secunia.com/advisories/11469

http://secunia.com/advisories/11470

http://secunia.com/advisories/11486

http://secunia.com/advisories/11494

http://secunia.com/advisories/11518

http://secunia.com/advisories/11626

http://secunia.com/advisories/11861

http://secunia.com/advisories/11891

http://secunia.com/advisories/11986

http://secunia.com/advisories/12003

http://security.gentoo.org/glsa/glsa-200407-02.xml

http://www.ciac.org/ciac/bulletins/o-121.shtml

http://www.ciac.org/ciac/bulletins/o-127.shtml

http://www.debian.org/security/2004/dsa-479

http://www.debian.org/security/2004/dsa-480

http://www.debian.org/security/2004/dsa-481

http://www.debian.org/security/2004/dsa-482

http://www.debian.org/security/2004/dsa-489

http://www.debian.org/security/2004/dsa-491

http://www.debian.org/security/2004/dsa-495

http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities

http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

http://www.mandriva.com/security/advisories?name=MDKSA-2004:029

http://www.novell.com/linux/security/advisories/2004_09_kernel.html

http://www.redhat.com/support/errata/RHSA-2004-105.html

http://www.redhat.com/support/errata/RHSA-2004-106.html

http://www.redhat.com/support/errata/RHSA-2004-183.html

http://www.securityfocus.com/bid/10141

http://www.turbolinux.com/security/2004/TLSA-2004-14.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/15866

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940

Details

Source: MITRE

Published: 2004-06-01

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 15332 | Debian DSA-495-1 : linux-kernel-2.4.16-arm - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 15328 | Debian DSA-491-1 : linux-kernel-2.4.19-mips - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 15326 | Debian DSA-489-1 : linux-kernel-2.4.17-mips+mipsel - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 15319 | Debian DSA-482-1 : linux-kernel-2.4.17-apus+s390 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 15318 | Debian DSA-481-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 15317 | Debian DSA-480-1 : linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 15316 | Debian DSA-479-1 : linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 14535 | GLSA-200407-02 : Linux Kernel: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 14128 | Mandrake Linux Security Advisory : kernel (MDKSA-2004:029) | Nessus | Mandriva Local Security Checks | medium |
| 13827 | SuSE-SA:2004:009: Linux Kernel | Nessus | SuSE Local Security Checks | medium |
| 13685 | Fedora Core 1 : kernel-2.4.22-1.2179.nptl (2004-101) | Nessus | Fedora Local Security Checks | medium |
| 12493 | RHEL 3 : kernel (RHSA-2004:183) | Nessus | Red Hat Local Security Checks | high |
| 12477 | RHEL 2.1 : kernel (RHSA-2004:105) | Nessus | Red Hat Local Security Checks | medium |
| 801591 | Red Hat 2004-105 Security Check | Log Correlation Engine | Generic | high |