Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0424

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0424
Last Modified 21 Aug 2010 12:20:27
Published 07 Jul 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0424

Summary

Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.23 Ow2

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.24 Ow1

  • Linux Kernel 2.4.25

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Slackware Linux 9.1

  • Slackware Linux Current

Application

  • Sgi Propack 3.0


References

XF - linux-ipsetsockopt-integer-bo(15907)

BID - 10179

ENGARDE - ESA-20040428-004

MISC - http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt

BUGTRAQ - 20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow

SUSE - SuSE-SA:2004:010

SGI - 20040504-01-U

SLACKWARE - SSA:2004-119

REDHAT - RHSA-2004:183

MANDRAKE - MDKSA-2004:037

CONECTIVA - CLA-2004:852


Last Updated: 27 May 2016 10:38:36