Improper input validation in Linux kernel - CVE-2004-0497
Published: December 6, 2004 / Updated: August 7, 2024
Vulnerability identifier: #VU95478
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2004-0497
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to corrupt data.
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
How to mitigate CVE-2004-0497
Install update from vendor's repository.
Sources
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
- http://www.novell.com/linux/security/advisories/2004_20_kernel.html
- http://www.redhat.com/support/errata/RHSA-2004-354.html
- http://www.redhat.com/support/errata/RHSA-2004-360.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16599
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9867