Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2408

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2004-2408
Last Modified 05 Sep 2008 04:44:03
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2408

Summary

Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.

Vulnerable Systems

Application

  • Linux-vserver 1.20

  • Linux-vserver 1.21

  • Linux-vserver 1.22

  • Linux-vserver 1.23

  • Linux-vserver 1.24

  • Linux-vserver 1.25

  • Linux-vserver 1.26

  • Linux-vserver 1.27

  • Linux-vserver 1.3.0

  • Linux-vserver 1.3.1

  • Linux-vserver 1.3.2

  • Linux-vserver 1.3.3

  • Linux-vserver 1.3.4

  • Linux-vserver 1.3.5

  • Linux-vserver 1.3.6

  • Linux-vserver 1.3.7

  • Linux-vserver 1.3.8

  • Linux-vserver 1.3.9

  • Linux-vserver 1.9.1


References

XF - linux-vserver-modify-permissions(16626)

BID - 10660

SECUNIA - 12021

OSVDB - 7480

SECTRACK - 1010643

MISC - http://linux-vserver.org/ChangeLog

BUGTRAQ - 20040703 Linux Virtual Server/Secure Context procfs shared permissions flaw


Last Updated: 27 May 2016 10:39:28