SB2004060101 - Memory corruption in Linux kernel
Published: June 1, 2004
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2004-0109)
The vulnerability allows a local user to read and manipulate data.
A buffer overflow in the ISO9660 file system component of Linux kernel 2.4.x, 2.5.x and 2.6.x allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
Remediation
Install the update from the vendor's website.
References
- ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
- http://marc.info/?l=bugtraq&m=108213675028441&w=2
- http://rhn.redhat.com/errata/RHSA-2004-166.html
- http://secunia.com/advisories/11361
- http://secunia.com/advisories/11362
- http://secunia.com/advisories/11373
- http://secunia.com/advisories/11429
- http://secunia.com/advisories/11464
- http://secunia.com/advisories/11469
- http://secunia.com/advisories/11470
- http://secunia.com/advisories/11486
- http://secunia.com/advisories/11494
- http://secunia.com/advisories/11518
- http://secunia.com/advisories/11626
- http://secunia.com/advisories/11861
- http://secunia.com/advisories/11891
- http://secunia.com/advisories/11986
- http://secunia.com/advisories/12003
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.ciac.org/ciac/bulletins/o-121.shtml
- http://www.ciac.org/ciac/bulletins/o-127.shtml
- http://www.debian.org/security/2004/dsa-479
- http://www.debian.org/security/2004/dsa-480
- http://www.debian.org/security/2004/dsa-481
- http://www.debian.org/security/2004/dsa-482
- http://www.debian.org/security/2004/dsa-489
- http://www.debian.org/security/2004/dsa-491
- http://www.debian.org/security/2004/dsa-495
- http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
- http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
- http://www.novell.com/linux/security/advisories/2004_09_kernel.html
- http://www.redhat.com/support/errata/RHSA-2004-105.html
- http://www.redhat.com/support/errata/RHSA-2004-106.html
- http://www.redhat.com/support/errata/RHSA-2004-183.html
- http://www.securityfocus.com/bid/10141
- http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15866
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940