CVE-2004-0554

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905

http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html

http://lwn.net/Articles/91155/

http://marc.info/?l=bugtraq&m=108786114032681&w=2

http://marc.info/?l=bugtraq&m=108793699910896&w=2

http://marc.info/?l=linux-kernel&m=108681568931323&w=2

http://secunia.com/advisories/20162

http://secunia.com/advisories/20163

http://secunia.com/advisories/20202

http://secunia.com/advisories/20338

http://security.gentoo.org/glsa/glsa-200407-02.xml

http://www.debian.org/security/2006/dsa-1067

http://www.debian.org/security/2006/dsa-1069

http://www.debian.org/security/2006/dsa-1070

http://www.debian.org/security/2006/dsa-1082

http://www.kb.cert.org/vuls/id/973654

http://www.mandriva.com/security/advisories?name=MDKSA-2004:062

http://www.novell.com/linux/security/advisories/2004_17_kernel.html

http://www.redhat.com/support/errata/RHSA-2004-255.html

http://www.redhat.com/support/errata/RHSA-2004-260.html

http://www.securityfocus.com/bid/10538

http://www.trustix.net/errata/2004/0034/

https://exchange.xforce.ibmcloud.com/vulnerabilities/16412

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2915

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9426

Details

Source: MITRE

Published: 2004-08-06

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*

cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.26:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*

cpe:2.3:a:suse:suse_email_server:3.1:*:*:*:*:*:*:*

cpe:2.3:a:suse:suse_email_server:iii:*:*:*:*:*:*:*

cpe:2.3:a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*

cpe:2.3:a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*

cpe:2.3:a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*

cpe:2.3:a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*

cpe:2.3:a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*

cpe:2.3:a:suse:suse_office_server:*:*:*:*:*:*:*:*

cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*

cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*

cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*

cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*

cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*

cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*

cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
22624Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22612Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22611Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22609Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilitiesNessusDebian Local Security Checks
critical
18791Slackware 8.1 / 9.0 / 9.1 / current : kernel DoS (SSA:2004-167-01)NessusSlackware Local Security Checks
low
14535GLSA-200407-02 : Linux Kernel: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
14161Mandrake Linux Security Advisory : kernel (MDKSA-2004:062)NessusMandriva Local Security Checks
low
13833SuSE-SA:2004:017: kernelNessusSuSE Local Security Checks
low
13731Fedora Core 1 : kernel-2.4.22-1.2194.nptl (2004-186)NessusFedora Local Security Checks
high
12509RHEL 2.1 : kernel (RHSA-2004:260)NessusRed Hat Local Security Checks
high
12508RHEL 3 : kernel (RHSA-2004:255)NessusRed Hat Local Security Checks
high
801553Fedora 2004-186 Security CheckLog Correlation EngineGeneric
high