[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-1070Date: (C)2005-01-10   (M)2023-12-22


The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-11646
SECUNIA-19607
20060402-01-U
SECUNIA-20162
SECUNIA-20163
SECUNIA-20202
SECUNIA-20338
DSA-1067
DSA-1069
DSA-1070
DSA-1082
FLSA:2336
MDKSA-2005:022
RHSA-2004:504
RHSA-2004:505
RHSA-2004:549
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
linux-elf-setuid-gain-privileges(18025)
oval:org.mitre.oval:def:9450

CPE    100
cpe:/o:linux:linux_kernel:2.4.27:pre5
cpe:/o:linux:linux_kernel:2.4.27:pre4
cpe:/o:linux:linux_kernel:2.4.27:pre1
cpe:/o:linux:linux_kernel:2.4.27:pre3
...

© SecPod Technologies