Memory corruption in Linux kernel - CVE-2004-0109
Published: June 1, 2004 / Updated: October 11, 2017
Vulnerability identifier: #VU99793
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2004-0109
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to read and manipulate data.
A buffer overflow in the ISO9660 file system component of Linux kernel 2.4.x, 2.5.x and 2.6.x allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
How to mitigate CVE-2004-0109
Install the update from the vendor's repository.
Sources
- ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
- http://marc.info/?l=bugtraq&m=108213675028441&w=2
- http://rhn.redhat.com/errata/RHSA-2004-166.html
- http://secunia.com/advisories/11361
- http://secunia.com/advisories/11362
- http://secunia.com/advisories/11373
- http://secunia.com/advisories/11429
- http://secunia.com/advisories/11464
- http://secunia.com/advisories/11469
- http://secunia.com/advisories/11470
- http://secunia.com/advisories/11486
- http://secunia.com/advisories/11494
- http://secunia.com/advisories/11518
- http://secunia.com/advisories/11626
- http://secunia.com/advisories/11861
- http://secunia.com/advisories/11891
- http://secunia.com/advisories/11986
- http://secunia.com/advisories/12003
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.ciac.org/ciac/bulletins/o-121.shtml
- http://www.ciac.org/ciac/bulletins/o-127.shtml
- http://www.debian.org/security/2004/dsa-479
- http://www.debian.org/security/2004/dsa-480
- http://www.debian.org/security/2004/dsa-481
- http://www.debian.org/security/2004/dsa-482
- http://www.debian.org/security/2004/dsa-489
- http://www.debian.org/security/2004/dsa-491
- http://www.debian.org/security/2004/dsa-495
- http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
- http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
- http://www.novell.com/linux/security/advisories/2004_09_kernel.html
- http://www.redhat.com/support/errata/RHSA-2004-105.html
- http://www.redhat.com/support/errata/RHSA-2004-106.html
- http://www.redhat.com/support/errata/RHSA-2004-183.html
- http://www.securityfocus.com/bid/10141
- http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15866
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940