CVE-2004-1068

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.

References

ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U

http://marc.info/?l=bugtraq&m=110306397320336&w=2

http://secunia.com/advisories/19607

http://secunia.com/advisories/20162

http://secunia.com/advisories/20163

http://secunia.com/advisories/20202

http://secunia.com/advisories/20338

http://www.debian.org/security/2006/dsa-1067

http://www.debian.org/security/2006/dsa-1069

http://www.debian.org/security/2006/dsa-1070

http://www.debian.org/security/2006/dsa-1082

http://www.mandriva.com/security/advisories?name=MDKSA-2005:022

http://www.novell.com/linux/security/advisories/2004_44_kernel.html

http://www.redhat.com/support/errata/RHSA-2004-504.html

http://www.redhat.com/support/errata/RHSA-2004-505.html

http://www.redhat.com/support/errata/RHSA-2004-537.html

http://www.securityfocus.com/archive/1/381689

http://www.securityfocus.com/bid/11715

https://bugzilla.fedora.us/show_bug.cgi?id=2336

https://exchange.xforce.ibmcloud.com/vulnerabilities/18230

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11384

Details

Source: MITRE

Published: 2005-01-10

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 6.2

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 1.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.23:pre9:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.23_ow2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.24_ow1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.26:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.27:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.27:pre1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.27:pre2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.27:pre3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.27:pre4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.27:pre5:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
22624Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22612Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22611Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilitiesNessusDebian Local Security Checks
critical
22609Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilitiesNessusDebian Local Security Checks
critical
20654Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-38-1)NessusUbuntu Local Security Checks
critical
16303SUSE-SA:2004:044: kernelNessusSuSE Local Security Checks
critical
16259Mandrake Linux Security Advisory : kernel (MDKSA-2005:022)NessusMandriva Local Security Checks
critical
15958RHEL 2.1 : kernel (RHSA-2004:505)NessusRed Hat Local Security Checks
high
15944RHEL 3 : kernel (RHSA-2004:549)NessusRed Hat Local Security Checks
high
15943RHEL 2.1 / 3 : openmotif (RHSA-2004:537)NessusRed Hat Local Security Checks
critical