Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.4
CVE Id CVE-2004-2731
Last Modified 05 Sep 2008 04:44:57
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2731

Summary

Multiple integer overflows in the Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.0

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.23 Ow2

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.24 Ow1

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.26

  • Linux Kernel 2.4.27

  • Linux Kernel 2.4.28

  • Linux Kernel 2.4.29

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.30

  • Linux Kernel 2.4.31

  • Linux Kernel 2.4.32

  • Linux Kernel 2.4.33

  • Linux Kernel 2.4.33.2

  • Linux Kernel 2.4.33.3

  • Linux Kernel 2.4.33.4

  • Linux Kernel 2.4.33.5

  • Linux Kernel 2.4.34

  • Linux Kernel 2.4.34.1

  • Linux Kernel 2.4.34.2

  • Linux Kernel 2.4.35

  • Linux Kernel 2.4.35.2

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9

  • Linux Kernel 2.4.9 Pre5

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5

  • Linux Kernel 2.6.6

  • Linux Kernel 2.6.7


References

BID - 10632

MISC - http://www.securiteam.com/unixfocus/5GP0515DFW.html

OSVDB - 8363

OSVDB - 7345

SECTRACK - 1010617

SECUNIA - 11981

BUGTRAQ - 20040629 linux kernel Sbus PROM driver multiple integer overflows

DEBIAN - DSA-1503

SECUNIA - 29058


Last Updated: 27 May 2016 10:39:36