ID CVE-2004-0109
Summary Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2013-04-29T04:08:12.412-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
    family unix
    id oval:org.mitre.oval:def:10733
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
    version 23
  • accepted 2007-04-25T19:53:09.969-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
    family unix
    id oval:org.mitre.oval:def:940
    status accepted
    submitted 2004-05-10T12:00:00.000-04:00
    title Linux Kernel ISO9660 File System Component BO
    version 34
redhat via4
advisories
  • rhsa
    id RHSA-2004:105
  • rhsa
    id RHSA-2004:106
  • rhsa
    id RHSA-2004:166
  • rhsa
    id RHSA-2004:183
refmap via4
bid 10141
ciac
  • O-121
  • O-127
conectiva CLA-2004:846
debian
  • DSA-479
  • DSA-480
  • DSA-481
  • DSA-482
  • DSA-489
  • DSA-491
  • DSA-495
engarde ESA-20040428-004
gentoo GLSA-200407-02
mandrake MDKSA-2004:029
misc http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
secunia
  • 11361
  • 11362
  • 11373
  • 11429
  • 11464
  • 11469
  • 11470
  • 11486
  • 11494
  • 11518
  • 11626
  • 11861
  • 11891
  • 11986
  • 12003
sgi
  • 20040405-01-U
  • 20040504-01-U
suse SuSE-SA:2004:009
trustix 2004-0020
turbo TLSA-2004-14
xf linux-iso9660-bo(15866)
Last major update 11-10-2017 - 01:29
Published 01-06-2004 - 04:00
Back to Top