ID CVE-2004-1068
Summary A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
References
Vulnerable Configurations
  • Linux Kernel 2.4.0
    cpe:2.3:o:linux:linux_kernel:2.4.0
  • Linux Kernel 2.4.0 test1
    cpe:2.3:o:linux:linux_kernel:2.4.0:test1
  • Linux Kernel 2.4.0 test10
    cpe:2.3:o:linux:linux_kernel:2.4.0:test10
  • Linux Kernel 2.4.0 test11
    cpe:2.3:o:linux:linux_kernel:2.4.0:test11
  • Linux Kernel 2.4.0 test12
    cpe:2.3:o:linux:linux_kernel:2.4.0:test12
  • Linux Kernel 2.4.0 test2
    cpe:2.3:o:linux:linux_kernel:2.4.0:test2
  • Linux Kernel 2.4.0 test3
    cpe:2.3:o:linux:linux_kernel:2.4.0:test3
  • Linux Kernel 2.4.0 test4
    cpe:2.3:o:linux:linux_kernel:2.4.0:test4
  • Linux Kernel 2.4.0 test5
    cpe:2.3:o:linux:linux_kernel:2.4.0:test5
  • Linux Kernel 2.4.0 test6
    cpe:2.3:o:linux:linux_kernel:2.4.0:test6
  • Linux Kernel 2.4.0 test7
    cpe:2.3:o:linux:linux_kernel:2.4.0:test7
  • Linux Kernel 2.4.0 test8
    cpe:2.3:o:linux:linux_kernel:2.4.0:test8
  • Linux Kernel 2.4.0 test9
    cpe:2.3:o:linux:linux_kernel:2.4.0:test9
  • Linux Kernel 2.4.1
    cpe:2.3:o:linux:linux_kernel:2.4.1
  • Linux Kernel 2.4.2
    cpe:2.3:o:linux:linux_kernel:2.4.2
  • Linux Kernel 2.4.3
    cpe:2.3:o:linux:linux_kernel:2.4.3
  • Linux Kernel 2.4.4
    cpe:2.3:o:linux:linux_kernel:2.4.4
  • Linux Kernel 2.4.5
    cpe:2.3:o:linux:linux_kernel:2.4.5
  • Linux Kernel 2.4.6
    cpe:2.3:o:linux:linux_kernel:2.4.6
  • Linux Kernel 2.4.7
    cpe:2.3:o:linux:linux_kernel:2.4.7
  • Linux Kernel 2.4.8
    cpe:2.3:o:linux:linux_kernel:2.4.8
  • Linux Kernel 2.4.9
    cpe:2.3:o:linux:linux_kernel:2.4.9
  • Linux Kernel 2.4.10
    cpe:2.3:o:linux:linux_kernel:2.4.10
  • Linux Kernel 2.4.12
    cpe:2.3:o:linux:linux_kernel:2.4.12
  • Linux Kernel 2.4.13
    cpe:2.3:o:linux:linux_kernel:2.4.13
  • Linux Kernel 2.4.14
    cpe:2.3:o:linux:linux_kernel:2.4.14
  • Linux Kernel 2.4.15
    cpe:2.3:o:linux:linux_kernel:2.4.15
  • Linux Kernel 2.4.16
    cpe:2.3:o:linux:linux_kernel:2.4.16
  • Linux Kernel 2.4.17
    cpe:2.3:o:linux:linux_kernel:2.4.17
  • Linux Kernel 2.4.18
    cpe:2.3:o:linux:linux_kernel:2.4.18
  • cpe:2.3:o:linux:linux_kernel:2.4.18:-:x86
    cpe:2.3:o:linux:linux_kernel:2.4.18:-:x86
  • Linux Kernel 2.4.18 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre1
  • Linux Kernel 2.4.18 pre2
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre2
  • Linux Kernel 2.4.18 pre3
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre3
  • Linux Kernel 2.4.18 pre4
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre4
  • Linux Kernel 2.4.18 pre5
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre5
  • Linux Kernel 2.4.18 pre6
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre6
  • Linux Kernel 2.4.18 pre7
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre7
  • Linux Kernel 2.4.18 pre8
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre8
  • Linux Kernel 2.4.19
    cpe:2.3:o:linux:linux_kernel:2.4.19
  • Linux Kernel 2.4.19 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre1
  • Linux Kernel 2.4.19 pre2
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre2
  • Linux Kernel 2.4.19 pre3
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre3
  • Linux Kernel 2.4.19 pre4
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre4
  • Linux Kernel 2.4.19 pre5
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre5
  • Linux Kernel 2.4.19 pre6
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre6
  • Linux Kernel 2.4.20
    cpe:2.3:o:linux:linux_kernel:2.4.20
  • Linux Kernel 2.4.21
    cpe:2.3:o:linux:linux_kernel:2.4.21
  • Linux Kernel 2.4.21 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.21:pre1
  • Linux Kernel 2.4.21 pre4
    cpe:2.3:o:linux:linux_kernel:2.4.21:pre4
  • Linux Kernel 2.4.21 pre7
    cpe:2.3:o:linux:linux_kernel:2.4.21:pre7
  • Linux Kernel 2.4.22
    cpe:2.3:o:linux:linux_kernel:2.4.22
  • Linux Kernel 2.4.23
    cpe:2.3:o:linux:linux_kernel:2.4.23
  • Linux Kernel 2.4.23 pre9
    cpe:2.3:o:linux:linux_kernel:2.4.23:pre9
  • cpe:2.3:o:linux:linux_kernel:2.4.23_ow2
    cpe:2.3:o:linux:linux_kernel:2.4.23_ow2
  • Linux Kernel 2.4.24
    cpe:2.3:o:linux:linux_kernel:2.4.24
  • cpe:2.3:o:linux:linux_kernel:2.4.24_ow1
    cpe:2.3:o:linux:linux_kernel:2.4.24_ow1
  • Linux Kernel 2.4.25
    cpe:2.3:o:linux:linux_kernel:2.4.25
  • Linux Kernel 2.4.26
    cpe:2.3:o:linux:linux_kernel:2.4.26
  • Linux Kernel 2.4.27
    cpe:2.3:o:linux:linux_kernel:2.4.27
  • Linux Kernel 2.4.27 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre1
  • Linux Kernel 2.4.27 pre2
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre2
  • Linux Kernel 2.4.27 pre3
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre3
  • Linux Kernel 2.4.27 pre4
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre4
  • Linux Kernel 2.4.27 pre5
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre5
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server_ia64
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server_ia64
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation_ia64
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ia64
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ia64
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ppc
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ppc
CVSS
Base: 6.2 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-537.NASL
    description Updated openmotif packages that fix flaws in the Xpm image library are now available. OpenMotif provides libraries which implement the Motif industry standard graphical user interface. During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0914 to these issues. Users of OpenMotif are advised to upgrade to these erratum packages, which contain backported security patches to the embedded libXpm library.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 15943
    published 2004-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15943
    title RHEL 2.1 / 3 : openmotif (RHSA-2004:537)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2004_044.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2004:044 (kernel). Several vulnerabilities have been found and fixed in the Linux kernel.
    last seen 2018-09-02
    modified 2016-12-27
    plugin id 16303
    published 2005-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16303
    title SUSE-SA:2004:044: kernel
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-549.NASL
    description Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. This update includes fixes for several security issues : A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1068 to this issue. Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use thse flaws to gain read access to executable-only binaries or possibly gain privileges. (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073) A flaw when setting up TSS limits was discovered that affects AMD AMD64 and Intel EM64T architecture kernels prior to 2.4.23. A local user could use this flaw to cause a denial of service (crash) or possibly gain privileges. (CVE-2004-0812) An integer overflow flaw was discovered in the ubsec_keysetup function in the Broadcom 5820 cryptonet driver. On systems using this driver, a local user could cause a denial of service (crash) or possibly gain elevated privileges. (CVE-2004-0619) Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels prior to 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would require control of a connected Samba server. (CVE-2004-0883, CVE-2004-0949) SGI discovered a bug in the elf loader that affects kernels prior to 2.4.25 which could be triggered by a malformed binary. On architectures other than x86, a local user could create a malicious binary which could cause a denial of service (crash). (CVE-2004-0136) Conectiva discovered flaws in certain USB drivers affecting kernels prior to 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CVE-2004-0685) All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 15944
    published 2004-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15944
    title RHEL 3 : kernel (RHSA-2004:549)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-505.NASL
    description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the sixth regular update. The Linux kernel handles the basic functions of the operating system. This is the sixth regular kernel update to Red Hat Enterprise Linux version 2.1. It updates a number of device drivers, and adds much improved SATA support. This update includes fixes for several security issues : Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use these flaws to gain read access to executable-only binaries or possibly gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, and CVE-2004-1073 to these issues. A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. (CVE-2004-1068) Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels before 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would need to have control of a connected smb server. (CVE-2004-0883, CVE-2004-0949) Conectiva discovered flaws in certain USB drivers affecting kernels before 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CVE-2004-0685) The ext3 code in kernels before 2.4.26 did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. (CVE-2004-0177) The following drivers have also been updated : * tg3 v3.10 * e1000 v5.3.19-k2 * e100 v3.0.27-k2 * megaraid * megaraid2 v2.10.8.2 All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 15958
    published 2004-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15958
    title RHEL 2.1 : kernel (RHSA-2004:505)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-38-1.NASL
    description CAN-2004-0814 : Vitaly V. Bursov discovered a Denial of Service vulnerability in the 'serio' code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. Fixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third-party user installed modules might not work any more with the new kernel, so this fixed kernel got a new ABI version number. You have to recompile and reinstall all third-party modules. CAN-2004-1016 : Paul Starzetz discovered a buffer overflow vulnerability in the '__scm_send' function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation. CAN-2004-1056 : Thomas Hellstrom discovered a Denial of Service vulnerability in the Direct Rendering Manager (DRM) drivers. Due to an insufficient DMA lock checking, any authorized client could send arbitrary values to the video card, which could cause an X server crash or modification of the video output. CAN-2004-1058 : Rob Landley discovered a race condition in the handling of /proc/.../cmdline. Under very rare circumstances an user could read the environment variables of another process that was still spawning. Environment variables are often used to pass passwords and other private information to other processes. CAN-2004-1068 : A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel. CAN-2004-1069 : Ross Kendall Axe discovered a possible kernel panic (causing a Denial of Service) while sending AF_UNIX network packages if the kernel options CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled. This is not the case in the kernel packages shipped in Warty Warthog; however, if you recompiled the kernel using SELinux, you are affected by this flaw. CAN-2004-1137 : Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket. CAN-2004-1151 : Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation. This vulnerability only affects the amd64 architecture. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-05-27
    plugin id 20654
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20654
    title Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-38-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-022.NASL
    description A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory : - Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CVE-2004-0814) - Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CVE-2004-0816) - Stefan Esser found several remote DoS confitions in the smbfs file system. This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CVE-2004-0883 and CVE-2004-0949) - Paul Starzetz and Georgi Guninski reported, independently, that bad argument handling and bad integer arithmetics in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. The fixes were done by Herbert Xu (CVE-2004-1016) - Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CVE-2004-1058) - Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CVE-2004-1068) - Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CVE-2004-1069) - Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073) - It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CVE-2004-1074) - Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. The fix was done by Chris Wright (CVE-2004-1137) - Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CVE-2004-1151) - Paul Starzetz found locally exploitable flaws in the binary format loader's uselib() function that could be abused to allow a local user to obtain root privileges (CVE-2004-1235) - Paul Starzetz found an exploitable flaw in the page fault handler when running on SMP machines (CVE-2005-0001) - A vulnerability in insert_vm_struct could allow a locla user to trigger BUG() when the user created a large vma that overlapped with arg pages during exec (CVE-2005-0003) - Paul Starzetz also found a number of vulnerabilities in the kernel binfmt_elf loader that could lead a local user to obtain elevated (root) privileges (isec-0017-binfmt_elf) The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at : http://www.mandrakesoft.com/security/kernelupdate PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the latest module-init-tools package prior to upgrading their kernel. Likewise, MNF8.2 users will need to upgrade to the latest modutils package prior to upgrading their kernel.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 16259
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16259
    title Mandrake Linux Security Advisory : kernel (MDKSA-2005:022)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1070.NASL
    description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.19-4 Sun Sparc architecture 26woody1 Little endian MIPS architecture 0.020911.1.woody5
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 22612
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22612
    title Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1067.NASL
    description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.16-1woody2 arm/lart 20040419woody1 arm/netwinder 20040419woody1 arm/riscpc 20040419woody1
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 22609
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22609
    title Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1082.NASL
    description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.1 (sarge) Source 2.4.17-1woody4 HP Precision architecture 32.5 Intel IA-64 architecture 011226.18 IBM S/390 architecture/image 2.4.17-2.woody.5 IBM S/390 architecture/patch 0.0.20020816-0.woody.4 PowerPC architecture (apus) 2.4.17-6 MIPS architecture 2.4.17-0.020226.2.woody7
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 22624
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22624
    title Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1069.NASL
    description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.18-14.4 Alpha architecture 2.4.18-15woody1 Intel IA-32 architecture 2.4.18-13.2 HP Precision architecture 62.4 PowerPC architecture 2.4.18-1woody6 PowerPC architecture/XFS 20020329woody1 PowerPC architecture/benh 20020304woody1 Sun Sparc architecture 22woody1
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 22611
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22611
    title Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilities
oval via4
accepted 2013-04-29T04:13:41.688-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
family unix
id oval:org.mitre.oval:def:11384
status accepted
submitted 2010-07-09T03:56:16-04:00
title A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2004:504
  • rhsa
    id RHSA-2004:505
  • rhsa
    id RHSA-2004:537
refmap via4
bid 11715
bugtraq
  • 20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities
  • 20041214 [USN-38-1] Linux kernel vulnerabilities
debian
  • DSA-1067
  • DSA-1069
  • DSA-1070
  • DSA-1082
fedora FLSA:2336
mandrake MDKSA-2005:022
secunia
  • 19607
  • 20162
  • 20163
  • 20202
  • 20338
sgi 20060402-01-U
suse SUSE-SA:2004:044
xf linux-afunix-race-condition(18230)
Last major update 17-10-2016 - 22:51
Published 10-01-2005 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top