Main Vulnerability Database Vulnerabilities #VU94780

#VU94780 Integer overflow in Linux kernel - CVE-2004-1334

Published: July 26, 2024

Vulnerability identifier: #VU94780

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2004-1334

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to perform service disruption.

Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.

Remediation

Install update from vendor's repository.

External links

http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
http://www.securityfocus.com/bid/11956
http://marc.info/?l=bugtraq&m=110383108211524&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18522

#VU94780 Integer overflow in Linux kernel - CVE-2004-1334

Description

Remediation

External links

Please verify you're human