CVE-2004-1058

Description

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.

CVSS Metrics

• v2.0•LOW•Score: 1.2AV:L/AC:H/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.06%• Percentile: 20%

Affected Systems

• linux•linux_kernel

  2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.9:2.6.20 | 2.6.10:rc2 | 2.6_test9_cvs

• ubuntu•ubuntu_linux

  4.1

References (19)

• http://secunia.com/advisories/18684
• http://secunia.com/advisories/19038
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17151
• http://secunia.com/advisories/19369
• http://secunia.com/advisories/21476
• http://www.securityfocus.com/bid/11937
• http://www.debian.org/security/2006/dsa-1018
• http://www.securityfocus.com/bid/11052
• http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
• http://secunia.com/advisories/19607
• http://www.redhat.com/support/errata/RHSA-2006-0190.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10427
• http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
• https://usn.ubuntu.com/38-1/
• https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
• ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
• http://www.redhat.com/support/errata/RHSA-2005-293.html
• http://www.redhat.com/support/errata/RHSA-2006-0191.html