Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.2
CVE Id CVE-2004-1235
Last Modified 09 Sep 2013 12:29:23
Published 14 Apr 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2004-1235

Summary

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

Vulnerable Systems

Operating System

  • Avaya Modular Messaging Message Storage Server 1.1

  • Avaya Modular Messaging Message Storage Server 2.0

  • Conectiva Linux 10.0

  • Linux Kernel 2.4.0

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.23 Ow2

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.24 Ow1

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.26

  • Linux Kernel 2.4.27

  • Linux Kernel 2.4.28

  • Linux Kernel 2.4.29

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9

  • Linux Kernel 2.6 Test9 Cvs

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5

  • Linux Kernel 2.6.6

  • Linux Kernel 2.6.7

  • Linux Kernel 2.6.8

  • Linux Kernel 2.6.9

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 10.1

  • Mandrakesoft Mandrake Linux 9.2

  • Mandrakesoft Mandrake Linux Corporate Server 2.1

  • Mandrakesoft Mandrake Linux Corporate Server 3.0

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux 4.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Enterprise Linux Desktop 4.0

  • Redhat Fedora Core Core 1.0

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

  • Redhat Linux 7.3

  • Redhat Linux 9.0

  • Suse Linux 1.0

  • Suse Linux 8

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

  • Ubuntu Linux 4.1

Application

  • Avaya Intuity Audix

  • Avaya Mn100

  • Avaya Network Routing

  • Mandrakesoft Mandrake Multi Network Firewall 8.2


References

BID - 12190

REDHAT - RHSA-2005:043

FEDORA - FLSA:2336

XF - linux-uselib-gain-privileges(18800)

TRUSTIX - 2005-0001

FEDORA - FEDORA-2005-013

FEDORA - FEDORA-2005-014

CONFIRM - http://www.securityfocus.com/advisories/7804

REDHAT - RHSA-2005:092

MISC - http://isec.pl/vulnerabilities/isec-0021-uselib.txt

CONECTIVA - CLA-2005:930

REDHAT - RHSA-2005:017

REDHAT - RHSA-2005:016

SUSE - SUSE-SR:2005:001

MANDRAKE - MDKSA-2005:022

DEBIAN - DSA-1082

DEBIAN - DSA-1070

DEBIAN - DSA-1069

DEBIAN - DSA-1067

SECUNIA - 20338

SECUNIA - 20202

SECUNIA - 20163

SECUNIA - 20162

BUGTRAQ - 20050107 Linux kernel sys_uselib local root vulnerability


Last Updated: 27 May 2016 10:38:56