Improper input validation in Linux kernel - CVE-2004-0997
Published: December 31, 2004 / Updated: September 5, 2008
Vulnerability identifier: #VU95650
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2004-0997
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to read and manipulate data.
Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors. This vulnerability is addressed in the following product release: Linux, Linux kernel, 2.4.17
How to mitigate CVE-2004-0997
Install update from vendor's repository.
Sources
- http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2004-0997?op=file&rev=0&sc=0
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.securityfocus.com/bid/18176