Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2013

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-2013
Last Modified 05 Sep 2008 04:42:57
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2013

Summary

Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.

Vulnerable Systems

Operating System

  • Linux Kernel 2.0

  • Linux Kernel 2.0.1

  • Linux Kernel 2.0.10

  • Linux Kernel 2.0.11

  • Linux Kernel 2.0.12

  • Linux Kernel 2.0.13

  • Linux Kernel 2.0.14

  • Linux Kernel 2.0.15

  • Linux Kernel 2.0.16

  • Linux Kernel 2.0.17

  • Linux Kernel 2.0.18

  • Linux Kernel 2.0.19

  • Linux Kernel 2.0.2

  • Linux Kernel 2.0.20

  • Linux Kernel 2.0.21

  • Linux Kernel 2.0.22

  • Linux Kernel 2.0.23

  • Linux Kernel 2.0.24

  • Linux Kernel 2.0.25

  • Linux Kernel 2.0.26

  • Linux Kernel 2.0.27

  • Linux Kernel 2.0.28

  • Linux Kernel 2.0.29

  • Linux Kernel 2.0.3

  • Linux Kernel 2.0.30

  • Linux Kernel 2.0.31

  • Linux Kernel 2.0.32

  • Linux Kernel 2.0.33

  • Linux Kernel 2.0.34

  • Linux Kernel 2.0.35

  • Linux Kernel 2.0.36

  • Linux Kernel 2.0.37

  • Linux Kernel 2.0.38

  • Linux Kernel 2.0.39

  • Linux Kernel 2.0.4

  • Linux Kernel 2.0.5

  • Linux Kernel 2.0.6

  • Linux Kernel 2.0.7

  • Linux Kernel 2.0.8

  • Linux Kernel 2.0.9

  • Linux Kernel 2.1

  • Linux Kernel 2.1.89

  • Linux Kernel 2.2.0

  • Linux Kernel 2.2.1

  • Linux Kernel 2.2.10

  • Linux Kernel 2.2.11

  • Linux Kernel 2.2.12

  • Linux Kernel 2.2.13

  • Linux Kernel 2.2.14

  • Linux Kernel 2.2.15

  • Linux Kernel 2.2.15 Pre20

  • Linux Kernel 2.2.16

  • Linux Kernel 2.2.17

  • Linux Kernel 2.2.18

  • Linux Kernel 2.2.19

  • Linux Kernel 2.2.2

  • Linux Kernel 2.2.20

  • Linux Kernel 2.2.21

  • Linux Kernel 2.2.22

  • Linux Kernel 2.2.23

  • Linux Kernel 2.2.24

  • Linux Kernel 2.2.25

  • Linux Kernel 2.2.3

  • Linux Kernel 2.2.4

  • Linux Kernel 2.2.5

  • Linux Kernel 2.2.6

  • Linux Kernel 2.2.7

  • Linux Kernel 2.2.8

  • Linux Kernel 2.2.9

  • Linux Kernel 2.3.0

  • Linux Kernel 2.3.99

  • Linux Kernel 2.4.0

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.23 Ow2

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.24 Ow1

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9


References

TRUSTIX - 2004-0029

BUGTRAQ - 20040511 Linux Kernel sctp_setsockopt() Integer Overflow

XF - linux-sctpsetsockopt-integer-bo(16117)

BID - 10326


Last Updated: 27 May 2016 10:39:17