SB2004060104 - Improper input validation in Linux kernel
Published: June 1, 2004
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2004-0178)
The vulnerability allows a local user to cause a denial of service.
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16-bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
Remediation
Install the update from the vendor's website.
References
- ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
- http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.ciac.org/ciac/bulletins/o-121.shtml
- http://www.ciac.org/ciac/bulletins/o-127.shtml
- http://www.ciac.org/ciac/bulletins/o-193.shtml
- http://www.debian.org/security/2004/dsa-479
- http://www.debian.org/security/2004/dsa-480
- http://www.debian.org/security/2004/dsa-481
- http://www.debian.org/security/2004/dsa-482
- http://www.debian.org/security/2004/dsa-489
- http://www.debian.org/security/2004/dsa-491
- http://www.debian.org/security/2004/dsa-495
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
- http://www.redhat.com/support/errata/RHSA-2004-413.html
- http://www.redhat.com/support/errata/RHSA-2004-437.html
- http://www.securityfocus.com/bid/9985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15868
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427