Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1068

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2004-1068
Last Modified 21 Aug 2010 12:21:45
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2004-1068

Summary

A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.0

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.23 Ow2

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.24 Ow1

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.26

  • Linux Kernel 2.4.27

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Linux Advanced Workstation 2.1

  • Ubuntu Linux 4.1


References

BID - 11715

FEDORA - FLSA:2336

XF - linux-afunix-race-condition(18230)

BUGTRAQ - 20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities

REDHAT - RHSA-2004:537

REDHAT - RHSA-2004:505

REDHAT - RHSA-2004:504

SUSE - SUSE-SA:2004:044

MANDRAKE - MDKSA-2005:022

DEBIAN - DSA-1082

DEBIAN - DSA-1070

DEBIAN - DSA-1069

DEBIAN - DSA-1067

SECUNIA - 20338

SECUNIA - 20202

SECUNIA - 20163

SECUNIA - 20162

SECUNIA - 19607

BUGTRAQ - 20041214 [USN-38-1] Linux kernel vulnerabilities

SGI - 20060402-01-U


Last Updated: 27 May 2016 10:38:52