Lucene search
HistoryApr 14, 2005 - 4:00 a.m.
CVE-2004-1235
CVSS2
6.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
16.5%
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
Affected configurations
Node
avayamn100
ORavayanetwork_routing
ORavayaconverged_communications_serverMatch2.0
ORavayas8710Matchr2.0.0
ORavayas8710Matchr2.0.1
ORavayamodular_messaging_message_storage_serverMatch1.1
ORavayamodular_messaging_message_storage_serverMatch2.0
ORlinuxlinux_kernelMatch2.4.0
ORlinuxlinux_kernelMatch2.4.0test1
ORlinuxlinux_kernelMatch2.4.0test10
ORlinuxlinux_kernelMatch2.4.0test11
ORlinuxlinux_kernelMatch2.4.0test12
ORlinuxlinux_kernelMatch2.4.0test2
ORlinuxlinux_kernelMatch2.4.0test3
ORlinuxlinux_kernelMatch2.4.0test4
ORlinuxlinux_kernelMatch2.4.0test5
ORlinuxlinux_kernelMatch2.4.0test6
ORlinuxlinux_kernelMatch2.4.0test7
ORlinuxlinux_kernelMatch2.4.0test8
ORlinuxlinux_kernelMatch2.4.0test9
ORlinuxlinux_kernelMatch2.4.1
ORlinuxlinux_kernelMatch2.4.2
ORlinuxlinux_kernelMatch2.4.3
ORlinuxlinux_kernelMatch2.4.4
ORlinuxlinux_kernelMatch2.4.5
ORlinuxlinux_kernelMatch2.4.6
ORlinuxlinux_kernelMatch2.4.7
ORlinuxlinux_kernelMatch2.4.8
ORlinuxlinux_kernelMatch2.4.9
ORlinuxlinux_kernelMatch2.4.10
ORlinuxlinux_kernelMatch2.4.11
ORlinuxlinux_kernelMatch2.4.12
ORlinuxlinux_kernelMatch2.4.13
ORlinuxlinux_kernelMatch2.4.14
ORlinuxlinux_kernelMatch2.4.15
ORlinuxlinux_kernelMatch2.4.16
ORlinuxlinux_kernelMatch2.4.17
ORlinuxlinux_kernelMatch2.4.18
ORlinuxlinux_kernelMatch2.4.18x86
ORlinuxlinux_kernelMatch2.4.18pre1
ORlinuxlinux_kernelMatch2.4.18pre2
ORlinuxlinux_kernelMatch2.4.18pre3
ORlinuxlinux_kernelMatch2.4.18pre4
ORlinuxlinux_kernelMatch2.4.18pre5
ORlinuxlinux_kernelMatch2.4.18pre6
ORlinuxlinux_kernelMatch2.4.18pre7
ORlinuxlinux_kernelMatch2.4.18pre8
ORlinuxlinux_kernelMatch2.4.19
ORlinuxlinux_kernelMatch2.4.19pre1
ORlinuxlinux_kernelMatch2.4.19pre2
ORlinuxlinux_kernelMatch2.4.19pre3
ORlinuxlinux_kernelMatch2.4.19pre4
ORlinuxlinux_kernelMatch2.4.19pre5
ORlinuxlinux_kernelMatch2.4.19pre6
ORlinuxlinux_kernelMatch2.4.20
ORlinuxlinux_kernelMatch2.4.21
ORlinuxlinux_kernelMatch2.4.21pre1
ORlinuxlinux_kernelMatch2.4.21pre4
ORlinuxlinux_kernelMatch2.4.21pre7
ORlinuxlinux_kernelMatch2.4.22
ORlinuxlinux_kernelMatch2.4.23
ORlinuxlinux_kernelMatch2.4.23pre9
ORlinuxlinux_kernelMatch2.4.23_ow2
ORlinuxlinux_kernelMatch2.4.24
ORlinuxlinux_kernelMatch2.4.24_ow1
ORlinuxlinux_kernelMatch2.4.25
ORlinuxlinux_kernelMatch2.4.26
ORlinuxlinux_kernelMatch2.4.27
ORlinuxlinux_kernelMatch2.4.27pre1
ORlinuxlinux_kernelMatch2.4.27pre2
ORlinuxlinux_kernelMatch2.4.27pre3
ORlinuxlinux_kernelMatch2.4.27pre4
ORlinuxlinux_kernelMatch2.4.27pre5
ORlinuxlinux_kernelMatch2.4.28
ORlinuxlinux_kernelMatch2.4.29rc2
ORlinuxlinux_kernelMatch2.6.0
ORlinuxlinux_kernelMatch2.6.0test1
ORlinuxlinux_kernelMatch2.6.0test10
ORlinuxlinux_kernelMatch2.6.0test11
ORlinuxlinux_kernelMatch2.6.0test2
ORlinuxlinux_kernelMatch2.6.0test3
ORlinuxlinux_kernelMatch2.6.0test4
ORlinuxlinux_kernelMatch2.6.0test5
ORlinuxlinux_kernelMatch2.6.0test6
ORlinuxlinux_kernelMatch2.6.0test7
ORlinuxlinux_kernelMatch2.6.0test8
ORlinuxlinux_kernelMatch2.6.0test9
ORlinuxlinux_kernelMatch2.6.1
ORlinuxlinux_kernelMatch2.6.1rc1
ORlinuxlinux_kernelMatch2.6.1rc2
ORlinuxlinux_kernelMatch2.6.2
ORlinuxlinux_kernelMatch2.6.3
ORlinuxlinux_kernelMatch2.6.4
ORlinuxlinux_kernelMatch2.6.5
ORlinuxlinux_kernelMatch2.6.6
ORlinuxlinux_kernelMatch2.6.6rc1
ORlinuxlinux_kernelMatch2.6.7
ORlinuxlinux_kernelMatch2.6.7rc1
ORlinuxlinux_kernelMatch2.6.8
ORlinuxlinux_kernelMatch2.6.8rc1
ORlinuxlinux_kernelMatch2.6.8rc2
ORlinuxlinux_kernelMatch2.6.8rc3
ORlinuxlinux_kernelMatch2.6.92.6.20
ORlinuxlinux_kernelMatch2.6.10
ORlinuxlinux_kernelMatch2.6.10rc2
ORlinuxlinux_kernelMatch2.6_test9_cvs
ORmandrakesoftmandrake_linuxMatch9.2
ORmandrakesoftmandrake_linuxMatch9.2amd64
ORmandrakesoftmandrake_linuxMatch10.0
ORmandrakesoftmandrake_linuxMatch10.0amd64
ORmandrakesoftmandrake_linuxMatch10.1
ORmandrakesoftmandrake_linuxMatch10.1x86_64
ORmandrakesoftmandrake_linux_corporate_serverMatch2.1
ORmandrakesoftmandrake_linux_corporate_serverMatch2.1x86_64
ORmandrakesoftmandrake_linux_corporate_serverMatch3.0
ORredhatenterprise_linuxMatch3.0advanced_servers
ORredhatenterprise_linuxMatch3.0enterprise_server
ORredhatenterprise_linuxMatch3.0workstation
ORredhatenterprise_linuxMatch4.0advanced_server
ORredhatenterprise_linuxMatch4.0enterprise_server
ORredhatenterprise_linuxMatch4.0workstation
ORredhatenterprise_linux_desktopMatch3.0
ORredhatenterprise_linux_desktopMatch4.0
ORredhatfedora_coreMatchcore_1.0
ORredhatfedora_coreMatchcore_2.0
ORredhatfedora_coreMatchcore_3.0
ORredhatlinuxMatch7.3i386
ORredhatlinuxMatch9.0i386
ORsusesuse_linuxMatch1.0desktop
ORsusesuse_linuxMatch8enterprise_server
ORsusesuse_linuxMatch8.1
ORsusesuse_linuxMatch8.2
ORsusesuse_linuxMatch9.0
ORsusesuse_linuxMatch9.0enterprise_server
ORsusesuse_linuxMatch9.1
ORsusesuse_linuxMatch9.2
ORubuntuubuntu_linuxMatch4.1ia64
ORubuntuubuntu_linuxMatch4.1ppc
Node
avayaintuity_audixlx
ORmandrakesoftmandrake_multi_network_firewallMatch8.2
ORavayas8300Matchr2.0.0
ORavayas8300Matchr2.0.1
ORavayas8500Matchr2.0.0
ORavayas8500Matchr2.0.1
ORavayas8700Matchr2.0.0
ORavayas8700Matchr2.0.1
ORconectivalinuxMatch10.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| avaya | mn100 | * | cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:* |
| avaya | network_routing | * | cpe:2.3:a:avaya:network_routing:*:*:*:*:*:*:*:* |
| avaya | converged_communications_server | 2.0 | cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:* |
| avaya | s8710 | r2.0.0 | cpe:2.3:h:avaya:s8710:r2.0.0:*:*:*:*:*:*:* |
| avaya | s8710 | r2.0.1 | cpe:2.3:h:avaya:s8710:r2.0.1:*:*:*:*:*:*:* |
| avaya | modular_messaging_message_storage_server | 1.1 | cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:* |
| avaya | modular_messaging_message_storage_server | 2.0 | cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:* |
| linux | linux_kernel | 2.4.0 | cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:* |
| linux | linux_kernel | 2.4.0 | cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:* |
| linux | linux_kernel | 2.4.0 | cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:* |
References
distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
isec.pl/vulnerabilities/isec-0021-uselib.txt
marc.info/?l=bugtraq&m=110512575901427&w=2
secunia.com/advisories/20162
secunia.com/advisories/20163
secunia.com/advisories/20202
secunia.com/advisories/20338
www.debian.org/security/2006/dsa-1067
www.debian.org/security/2006/dsa-1069
www.debian.org/security/2006/dsa-1070
www.debian.org/security/2006/dsa-1082
www.mandriva.com/security/advisories?name=MDKSA-2005:022
www.novell.com/linux/security/advisories/2005_01_sr.html
www.redhat.com/support/errata/RHSA-2005-016.html
www.redhat.com/support/errata/RHSA-2005-017.html
www.redhat.com/support/errata/RHSA-2005-043.html
www.redhat.com/support/errata/RHSA-2005-092.html
www.securityfocus.com/advisories/7804
www.securityfocus.com/advisories/7805
www.securityfocus.com/advisories/7806
www.securityfocus.com/bid/12190
www.trustix.org/errata/2005/0001/
bugzilla.fedora.us/show_bug.cgi?id=2336
exchange.xforce.ibmcloud.com/vulnerabilities/18800
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567
Related
ubuntucve
ubuntucve
CVE-2004-1235
2005-04-14 00:00:00
openvas
openvas
SLES9: Security update for Linux kernel core
2009-10-10 00:00:00
SLES9: Security update for Linux kernel core
2009-10-10 00:00:00
Ubuntu: Security Advisory (USN-57-1)
2022-08-26 00:00:00
exploitdb
exploitdb
Linux Kernel 2.4 - 'uselib()' Local Privilege Escalation (2)
2005-01-27 00:00:00
cve
cve
CVE-2004-1235
2005-04-14 04:00:00
nessus
nessus
Fedora Core 2 : kernel-2.6.10-1.8_FC2 (2005-014)
2005-01-12 00:00:00
Fedora Core 3 : kernel-2.6.10-1.737_FC3 (2005-013)
2005-01-12 00:00:00
SUSE-SA:2005:003: kernel
2005-02-03 00:00:00
securityvulns
securityvulns
cvelist
cvelist
CVE-2004-1235
2005-01-20 05:00:00
packetstorm
packetstorm
isec-0021-uselib.txt
2005-01-07 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2005-01-09 00:00:00
suse
suse
local privilege escalation in kernel
2005-01-21 15:09:06
redhat
redhat
(RHSA-2005:043) kernel security update
2005-01-18 00:00:00
(RHSA-2005:016) kernel security update
2005-01-21 00:00:00
(RHSA-2005:017) kernel security update
2005-01-21 00:00:00
debian
debian
osv
osv
kernel-source-2.4.16 - several
2006-05-20 00:00:00
kernel-source-2.4.19 - several vulnerabilities
2006-05-21 00:00:00
kernel-source-2.4.18 - several
2006-05-20 00:00:00
CVSS2
6.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
16.5%
Related for NVD:CVE-2004-1235