CVE-2004-1235

Description

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

CVSS Metrics

• v2.0•MEDIUM•Score: 6.2AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.08%• Percentile: 24%

Affected Systems

• avaya•converged_communications_server

  2.0

• avaya•modular_messaging_message_storage_server

  1.1 | 2.0

• avaya•s8300

  r2.0.0 | r2.0.1

• avaya•s8500

  r2.0.0 | r2.0.1

• avaya•s8700

  r2.0.0 | r2.0.1

• avaya•s8710

  r2.0.0 | r2.0.1

• conectiva•linux

  10.0

• linux•linux_kernel

  2.4.0 | 2.4.0:test1 | 2.4.0:test10 | 2.4.0:test11 | 2.4.0:test12 | 2.4.0:test2 | 2.4.0:test3 | 2.4.0:test4 | 2.4.0:test5 | 2.4.0:test6 | 2.4.0:test7 | 2.4.0:test8 | 2.4.0:test9 | 2.4.1 | 2.4.2 | 2.4.3 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.11 | 2.4.12 | 2.4.13 | 2.4.14 | 2.4.15 | 2.4.16 | 2.4.17 | 2.4.18 | 2.4.18:pre1 | 2.4.18:pre2 | 2.4.18:pre3 | 2.4.18:pre4 | 2.4.18:pre5 | 2.4.18:pre6 | 2.4.18:pre7 | 2.4.18:pre8 | 2.4.19 | 2.4.19:pre1 | 2.4.19:pre2 | 2.4.19:pre3 | 2.4.19:pre4 | 2.4.19:pre5 | 2.4.19:pre6 | 2.4.20 | 2.4.21 | 2.4.21:pre1 | 2.4.21:pre4 | 2.4.21:pre7 | 2.4.22 | 2.4.23 | 2.4.23:pre9 | 2.4.23_ow2 | 2.4.24 | 2.4.24_ow1 | 2.4.25 | 2.4.26 | 2.4.27 | 2.4.27:pre1 | 2.4.27:pre2 | 2.4.27:pre3 | 2.4.27:pre4 | 2.4.27:pre5 | 2.4.28 | 2.4.29:rc2 | 2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.9:2.6.20 | 2.6.10 | 2.6.10:rc2 | 2.6_test9_cvs

• mandrakesoft•mandrake_linux

  9.2 | 10.0 | 10.1

• mandrakesoft•mandrake_linux_corporate_server

  2.1 | 3.0

• mandrakesoft•mandrake_multi_network_firewall

  8.2

• redhat•enterprise_linux

  3.0 | 4.0

• redhat•enterprise_linux_desktop

  3.0 | 4.0

• redhat•fedora_core

  core_1.0 | core_2.0 | core_3.0

• redhat•linux

  7.3 | 9.0

• suse•suse_linux

  10 | 8 | 8.1 | 8.2 | 9.0 | 9.1 | 9.2

• ubuntu•ubuntu_linux

  4.1

References (25)

• http://secunia.com/advisories/20163
• http://www.debian.org/security/2006/dsa-1082
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
• http://www.redhat.com/support/errata/RHSA-2005-017.html
• https://bugzilla.fedora.us/show_bug.cgi?id=2336
• http://www.securityfocus.com/advisories/7804
• http://isec.pl/vulnerabilities/isec-0021-uselib.txt
• http://www.debian.org/security/2006/dsa-1070
• http://www.redhat.com/support/errata/RHSA-2005-016.html
• http://secunia.com/advisories/20162
• http://www.redhat.com/support/errata/RHSA-2005-043.html
• http://www.trustix.org/errata/2005/0001/
• http://www.redhat.com/support/errata/RHSA-2005-092.html
• http://www.debian.org/security/2006/dsa-1067
• http://www.securityfocus.com/advisories/7805
• http://www.debian.org/security/2006/dsa-1069
• http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
• http://www.novell.com/linux/security/advisories/2005_01_sr.html
• http://www.securityfocus.com/bid/12190
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18800
• http://marc.info/?l=bugtraq&m=110512575901427&w=2
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567
• http://www.securityfocus.com/advisories/7806
• http://secunia.com/advisories/20202
• http://secunia.com/advisories/20338