Race condition in Linux kernel - CVE-2004-0814
Published: December 23, 2004 / Updated: October 11, 2017
Vulnerability identifier: #VU99737
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2004-0814
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform service disruption.
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
How to mitigate CVE-2004-0814
Install update from vendor's repository.
Sources
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
- http://marc.info/?l=bugtraq&m=110306397320336&w=2
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
- http://www.redhat.com/support/errata/RHSA-2005-293.html
- http://www.securityfocus.com/archive/1/379005
- http://www.securityfocus.com/bid/11491
- http://www.securityfocus.com/bid/11492
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17816
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10728