CVE-2004-0427

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.

References

ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc

ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

http://fedoranews.org/updates/FEDORA-2004-111.shtml

http://linux.bkbits.net:8080/linux-2.4/[email protected]_tpvSE-8EFHA

http://linux.bkbits.net:8080/linux-2.6/[email protected]_-RcF0726A

http://marc.info/?l=linux-kernel&m=108139073506983&w=2

http://secunia.com/advisories/11429

http://secunia.com/advisories/11464

http://secunia.com/advisories/11486

http://secunia.com/advisories/11541

http://secunia.com/advisories/11861

http://secunia.com/advisories/11891

http://secunia.com/advisories/11892

http://secunia.com/advisories/20162

http://secunia.com/advisories/20163

http://secunia.com/advisories/20202

http://secunia.com/advisories/20338

http://security.gentoo.org/glsa/glsa-200407-02.xml

http://www.ciac.org/ciac/bulletins/o-164.shtml

http://www.debian.org/security/2006/dsa-1067

http://www.debian.org/security/2006/dsa-1069

http://www.debian.org/security/2006/dsa-1070

http://www.debian.org/security/2006/dsa-1082

http://www.mandriva.com/security/advisories?name=MDKSA-2004:037

http://www.novell.com/linux/security/advisories/2004_10_kernel.html

http://www.redhat.com/support/errata/RHSA-2004-255.html

http://www.redhat.com/support/errata/RHSA-2004-260.html

http://www.redhat.com/support/errata/RHSA-2004-327.html

http://www.securityfocus.com/bid/10221

http://www.turbolinux.com/security/2004/TLSA-2004-14.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/16002

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10297

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2819

Details

Source: MITRE

Published: 2004-07-07

Updated: 2018-05-03

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
22624Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22612Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22611Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22609Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilitiesNessusDebian Local Security Checks
critical
14535GLSA-200407-02 : Linux Kernel: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
14136Mandrake Linux Security Advisory : kernel (MDKSA-2004:037)NessusMandriva Local Security Checks
high
13828SuSE-SA:2004:010: Linux KernelNessusSuSE Local Security Checks
high
13692Fedora Core 1 : kernel-2.4.22-1.2188.nptl (2004-111)NessusFedora Local Security Checks
high
12509RHEL 2.1 : kernel (RHSA-2004:260)NessusRed Hat Local Security Checks
high
12508RHEL 3 : kernel (RHSA-2004:255)NessusRed Hat Local Security Checks
high
801550Fedora 2004-111 Security CheckLog Correlation EngineGeneric
high