var-200407-0196
Vulnerability from variot
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Linux In the kernel, context switch code is used to switch computation processing between threads. Also, ia64 In architecture, FPH ( High-order register of floating point register ) Change information to user mask (UM) In the register MFH Store in register. this FPH If the register is changed, MFH A bit is set in the register. Local attackers who exploit this issue MFH It is possible to read the register values of other processes by creating a program that sets the bits. Also, ia64 In architecture Linux Kernel 2.4.x In certain circumstances, a local attacker could cause a kernel panic, resulting in a system out of service (CAN-2004-0447) Has been reported, but it is unknown at present. still, ia64 Other architectures are not affected by these issues.Please refer to the “Overview” for the impact of this vulnerability. The Linux kernel is reported prone to a data-disclosure vulnerability. Reportedly, this issue may permit a malicious executable to access the contents of floating-point registers that belong to another process. Linux is an open source operating system. Opened by (Arun Sharma) on 2004-05-28 17:46
Description of problem:
Linux 2.4.x and the SLES9/ia64 kernels have a floating point leak.
Version-Release number of selected component (if applicable):
2.4.21-12.EL.
How reproducible:
Run N (= number of cpus) copies of the program secret and one copy of the program check. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA 1069-1 security@debian.org http://www.debian.org/security/ Martin Schulze, Dann Frazier May 20th, 2006 http://www.debian.org/security/faq
Package : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh Vulnerability : several Problem-Type : local/remote Debian-specific: no CVE IDs : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2004-0427
A local denial of service vulnerability in do_fork() has been found.
CVE-2005-0489
A local denial of service vulnerability in proc memory handling has
been found.
CVE-2004-0394
A buffer overflow in the panic handling code has been found.
CVE-2004-0447
A local denial of service vulnerability through a null pointer
dereference in the IA64 process handling code has been found.
CVE-2004-0554
A local denial of service vulnerability through an infinite loop in
the signal handler code has been found.
CVE-2004-0685
Unsafe use of copy_to_user in USB drivers may disclose sensitive
information.
CVE-2005-0001
A race condition in the i386 page fault handler may allow privilege
escalation.
CVE-2004-0883
Multiple vulnerabilities in the SMB filesystem code may allow denial
of service of information disclosure.
CVE-2004-0949
An information leak discovered in the SMB filesystem code.
CVE-2004-1016
A local denial of service vulnerability has been found in the SCM layer.
CVE-2004-1333
An integer overflow in the terminal code may allow a local denial of
service vulnerability.
CVE-2004-0997
A local privilege escalation in the MIPS assembly code has been found.
CVE-2004-1335
A memory leak in the ip_options_get() function may lead to denial of
service.
CVE-2004-1017
Multiple overflows exist in the io_edgeport driver which might be usable
as a denial of service attack vector.
CVE-2005-0124
Bryan Fulton reported a bounds checking bug in the coda_pioctl function
which may allow local users to execute arbitrary code or trigger a denial
of service attack.
CVE-2005-0528
A local privilege escalation in the mremap function has been found
CVE-2003-0984
Inproper initialization of the RTC may disclose information.
CVE-2004-1070
Insufficient input sanitising in the load_elf_binary() function may
lead to privilege escalation.
CVE-2004-1071
Incorrect error handling in the binfmt_elf loader may lead to privilege
escalation.
CVE-2004-1072
A buffer overflow in the binfmt_elf loader may lead to privilege
escalation or denial of service.
CVE-2004-1073
The open_exec function may disclose information.
CVE-2004-1074
The binfmt code is vulnerable to denial of service through malformed
a.out binaries.
CVE-2004-0138
A denial of service vulnerability in the ELF loader has been found.
CVE-2004-1068
A programming error in the unix_dgram_recvmsg() function may lead to
privilege escalation.
CVE-2004-1234
The ELF loader is vulnerable to denial of service through malformed
binaries.
CVE-2005-0003
Crafted ELF binaries may lead to privilege escalation, due to
insufficient checking of overlapping memory regions.
CVE-2004-1235
A race condition in the load_elf_library() and binfmt_aout() functions
may allow privilege escalation.
CVE-2005-0504
An integer overflow in the Moxa driver may lead to privilege escalation.
CVE-2005-0384
A remote denial of service vulnerability has been found in the PPP
driver.
The following matrix explains which kernel version for which architecture fix the problems mentioned above:
Debian 3.0 (woody)
Source 2.4.18-14.4
Alpha architecture 2.4.18-15woody1
Intel IA-32 architecture 2.4.18-13.2
HP Precision architecture 62.4
PowerPC architecture 2.4.18-1woody6
PowerPC architecture/XFS 20020329woody1
PowerPC architecture/benh 20020304woody1
Sun Sparc architecture 22woody1
We recommend that you upgrade your kernel package immediately and reboot the machine.
Upgrade Instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get dist-upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
iD8DBQFEb9YGXm3vHE4uyloRAkhXAJ0e1RmUxVZSbQICFa/j07oKPfWRVwCeMrhj wYGegwosZg6xi3oI77opLQY= =eu/T -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc
Size/MD5 checksum: 692 27f44a0eec5837b0b01d26c6cff392be
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz
Size/MD5 checksum: 27768 6c719a6343c9ea0dad44a736b3842504
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc
Size/MD5 checksum: 792 d7c89c90fad77944ca1c5a18327f31dd
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz
Size/MD5 checksum: 1013866 21b4b677a7a319442c8fe8a4c72eb4c2
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc
Size/MD5 checksum: 672 4c353db091e8edc4395e46cf8d39ec42
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz
Size/MD5 checksum: 71071 7012adde9ba9a573e1be66f0d258721a
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da
Architecture independent components:
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb
Size/MD5 checksum: 1521850 75d23c7c54094b1d25d3b708fd644407
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb
Size/MD5 checksum: 1547874 c6881b25e3a5967e0f6f9c351fb88962
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb
Size/MD5 checksum: 1014564 0e89364c2816f5f4519256a8ea367ab6
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb
Size/MD5 checksum: 1785490 c66cef9e87d9a89caeee02af31e3c96d
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb
Size/MD5 checksum: 25902158 321403201a198371fd55c9b8ac4583f7
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb
Size/MD5 checksum: 3923058 db7bbd997410667bec4ac713d81d60ea
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb
Size/MD5 checksum: 4044796 106fcb86485531d96b4fdada61b71405
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb
Size/MD5 checksum: 3831424 347b0c290989f0cc99f3b336c156f61d
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb
Size/MD5 checksum: 3952220 f7dd8326c0ae0b0dee7c46e24023d0a2
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb
Size/MD5 checksum: 3890804 7348a8cd3961190aa2a19f562c96fe2f
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb
Size/MD5 checksum: 2080618 d52d00e7097ae0c8f4ccb6f34656361d
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb
Size/MD5 checksum: 2080830 db7141d3c0d86a43659176f974599cc2
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb
Size/MD5 checksum: 15816 c31e3b72d6eac6f3f99f75ea838e0bf9
These files will probably be moved into the stable distribution on its next update
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200407-0196",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mandrake linux corporate server",
"scope": "eq",
"trust": 1.6,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "mandrake linux",
"scope": "eq",
"trust": 1.6,
"vendor": "mandrakesoft",
"version": "10.0"
},
{
"model": "mandrake linux",
"scope": "eq",
"trust": 1.6,
"vendor": "mandrakesoft",
"version": "9.2"
},
{
"model": "secure linux",
"scope": "eq",
"trust": 1.3,
"vendor": "trustix",
"version": "2.1"
},
{
"model": "secure linux",
"scope": "eq",
"trust": 1.3,
"vendor": "trustix",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "*"
},
{
"model": "secure linux",
"scope": "eq",
"trust": 1.0,
"vendor": "trustix",
"version": "2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.0,
"vendor": "linux",
"version": "2.4.0"
},
{
"model": "mandrake multi network firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "mandrakesoft",
"version": "8.2"
},
{
"model": "mandrake linux",
"scope": "eq",
"trust": 1.0,
"vendor": "mandrakesoft",
"version": "9.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "secure enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "2.0"
},
{
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux mandrake amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.0"
},
{
"model": "linux mandrake amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.2"
},
{
"model": "linux mandrake ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "kernel -pre2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.27"
},
{
"model": "kernel -pre1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.27"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.26"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.25"
},
{
"model": "kernel -ow1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.24"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.24"
},
{
"model": "kernel -pre9",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.23"
},
{
"model": "kernel -ow2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.23"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.23"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.22"
},
{
"model": "kernel pre7",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.21"
},
{
"model": "kernel pre4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.21"
},
{
"model": "kernel pre1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.20"
},
{
"model": "kernel -pre6",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.19"
},
{
"model": "kernel -pre5",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.19"
},
{
"model": "kernel -pre4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.19"
},
{
"model": "kernel -pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.19"
},
{
"model": "kernel -pre2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.19"
},
{
"model": "kernel -pre1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.19"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.19"
},
{
"model": "kernel pre-8",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel pre-7",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel pre-6",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel pre-5",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel pre-4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel pre-3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel pre-2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel pre-1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18x86"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.1"
},
{
"model": "kernel .0-test9",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test8",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test7",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test6",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test5",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test12",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test11",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test10",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel .0-test1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "10687"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000211"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044"
},
{
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:trustix:secure_linux:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arun Sharma",
"sources": [
{
"db": "PACKETSTORM",
"id": "33773"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044"
}
],
"trust": 0.7
},
"cve": "CVE-2004-0565",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2004-0565",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-8995",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0565",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-044",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-8995",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8995"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000211"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044"
},
{
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Linux In the kernel, context switch code is used to switch computation processing between threads. Also, ia64 In architecture, FPH ( High-order register of floating point register ) Change information to user mask (UM) In the register MFH Store in register. this FPH If the register is changed, MFH A bit is set in the register. Local attackers who exploit this issue MFH It is possible to read the register values of other processes by creating a program that sets the bits. Also, ia64 In architecture Linux Kernel 2.4.x In certain circumstances, a local attacker could cause a kernel panic, resulting in a system out of service (CAN-2004-0447) Has been reported, but it is unknown at present. still, ia64 Other architectures are not affected by these issues.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. The Linux kernel is reported prone to a data-disclosure vulnerability. \nReportedly, this issue may permit a malicious executable to access the contents of floating-point registers that belong to another process. Linux is an open source operating system. Opened by (Arun Sharma) on 2004-05-28 17:46\n\nDescription of problem:\n\nLinux 2.4.x and the SLES9/ia64 kernels have a floating point leak. \n\nVersion-Release number of selected component (if applicable):\n\n2.4.21-12.EL. \n\nHow reproducible:\n\nRun N (= number of cpus) copies of the program secret and one copy of\nthe program check. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1069-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze, Dann Frazier\nMay 20th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh\nVulnerability : several\nProblem-Type : local/remote\nDebian-specific: no\nCVE IDs : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135\n\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\n CVE-2004-0427\n\n A local denial of service vulnerability in do_fork() has been found. \n\n CVE-2005-0489\n\n A local denial of service vulnerability in proc memory handling has\n been found. \n\n CVE-2004-0394\n\n A buffer overflow in the panic handling code has been found. \n\n CVE-2004-0447\n\n A local denial of service vulnerability through a null pointer\n dereference in the IA64 process handling code has been found. \n\n CVE-2004-0554\n\n A local denial of service vulnerability through an infinite loop in\n the signal handler code has been found. \n\n CVE-2004-0685\n\n Unsafe use of copy_to_user in USB drivers may disclose sensitive\n information. \n\n CVE-2005-0001\n\n A race condition in the i386 page fault handler may allow privilege\n escalation. \n\n CVE-2004-0883\n\n Multiple vulnerabilities in the SMB filesystem code may allow denial\n of service of information disclosure. \n\n CVE-2004-0949\n\n An information leak discovered in the SMB filesystem code. \n\n CVE-2004-1016\n\n A local denial of service vulnerability has been found in the SCM layer. \n\n CVE-2004-1333\n\n An integer overflow in the terminal code may allow a local denial of\n service vulnerability. \n\n CVE-2004-0997\n\n A local privilege escalation in the MIPS assembly code has been found. \n \n CVE-2004-1335\n \n A memory leak in the ip_options_get() function may lead to denial of\n service. \n \n CVE-2004-1017\n\n Multiple overflows exist in the io_edgeport driver which might be usable\n as a denial of service attack vector. \n \n CVE-2005-0124\n\n Bryan Fulton reported a bounds checking bug in the coda_pioctl function\n which may allow local users to execute arbitrary code or trigger a denial\n of service attack. \n\n CVE-2005-0528\n\n A local privilege escalation in the mremap function has been found\n\n CVE-2003-0984\n\n Inproper initialization of the RTC may disclose information. \n\n CVE-2004-1070\n\n Insufficient input sanitising in the load_elf_binary() function may\n lead to privilege escalation. \n\n CVE-2004-1071\n\n Incorrect error handling in the binfmt_elf loader may lead to privilege\n escalation. \n\n CVE-2004-1072\n\n A buffer overflow in the binfmt_elf loader may lead to privilege\n escalation or denial of service. \n\n CVE-2004-1073\n\n The open_exec function may disclose information. \n\n CVE-2004-1074\n\n The binfmt code is vulnerable to denial of service through malformed\n a.out binaries. \n\n CVE-2004-0138\n\n A denial of service vulnerability in the ELF loader has been found. \n\n CVE-2004-1068\n\n A programming error in the unix_dgram_recvmsg() function may lead to\n privilege escalation. \n\n CVE-2004-1234\n\n The ELF loader is vulnerable to denial of service through malformed\n binaries. \n\n CVE-2005-0003\n\n Crafted ELF binaries may lead to privilege escalation, due to \n insufficient checking of overlapping memory regions. \n\n CVE-2004-1235\n\n A race condition in the load_elf_library() and binfmt_aout() functions\n may allow privilege escalation. \n\n CVE-2005-0504\n\n An integer overflow in the Moxa driver may lead to privilege escalation. \n\n CVE-2005-0384\n\n A remote denial of service vulnerability has been found in the PPP\n driver. \n\nThe following matrix explains which kernel version for which architecture\nfix the problems mentioned above:\n\n Debian 3.0 (woody)\n Source 2.4.18-14.4\n Alpha architecture 2.4.18-15woody1\n Intel IA-32 architecture 2.4.18-13.2\n HP Precision architecture 62.4 \n PowerPC architecture 2.4.18-1woody6\n PowerPC architecture/XFS 20020329woody1 \n PowerPC architecture/benh 20020304woody1\n Sun Sparc architecture 22woody1 \n\nWe recommend that you upgrade your kernel package immediately and reboot\nthe machine. \n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get dist-upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.3 (GNU/Linux)\n\niD8DBQFEb9YGXm3vHE4uyloRAkhXAJ0e1RmUxVZSbQICFa/j07oKPfWRVwCeMrhj\nwYGegwosZg6xi3oI77opLQY=\n=eu/T\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc\n Size/MD5 checksum: 692 27f44a0eec5837b0b01d26c6cff392be\n http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz\n Size/MD5 checksum: 27768 6c719a6343c9ea0dad44a736b3842504\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc\n Size/MD5 checksum: 792 d7c89c90fad77944ca1c5a18327f31dd\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz\n Size/MD5 checksum: 1013866 21b4b677a7a319442c8fe8a4c72eb4c2\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc\n Size/MD5 checksum: 672 4c353db091e8edc4395e46cf8d39ec42\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz\n Size/MD5 checksum: 71071 7012adde9ba9a573e1be66f0d258721a\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz\n Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb\n Size/MD5 checksum: 1521850 75d23c7c54094b1d25d3b708fd644407\n http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb\n Size/MD5 checksum: 1547874 c6881b25e3a5967e0f6f9c351fb88962\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb\n Size/MD5 checksum: 1014564 0e89364c2816f5f4519256a8ea367ab6\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb\n Size/MD5 checksum: 1785490 c66cef9e87d9a89caeee02af31e3c96d\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb\n Size/MD5 checksum: 25902158 321403201a198371fd55c9b8ac4583f7\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb\n Size/MD5 checksum: 3923058 db7bbd997410667bec4ac713d81d60ea\n http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb\n Size/MD5 checksum: 4044796 106fcb86485531d96b4fdada61b71405\n http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb\n Size/MD5 checksum: 3831424 347b0c290989f0cc99f3b336c156f61d\n http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb\n Size/MD5 checksum: 3952220 f7dd8326c0ae0b0dee7c46e24023d0a2\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb\n Size/MD5 checksum: 3890804 7348a8cd3961190aa2a19f562c96fe2f\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb\n Size/MD5 checksum: 2080618 d52d00e7097ae0c8f4ccb6f34656361d\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb\n Size/MD5 checksum: 2080830 db7141d3c0d86a43659176f974599cc2\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb\n Size/MD5 checksum: 15816 c31e3b72d6eac6f3f99f75ea838e0bf9\n\n These files will probably be moved into the stable distribution on\n its next update",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0565"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000211"
},
{
"db": "BID",
"id": "10687"
},
{
"db": "VULHUB",
"id": "VHN-8995"
},
{
"db": "PACKETSTORM",
"id": "33773"
},
{
"db": "PACKETSTORM",
"id": "46506"
},
{
"db": "PACKETSTORM",
"id": "46508"
},
{
"db": "PACKETSTORM",
"id": "46509"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0565",
"trust": 3.2
},
{
"db": "BID",
"id": "10687",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "20202",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "20338",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "20162",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "20163",
"trust": 1.7
},
{
"db": "XF",
"id": "16644",
"trust": 1.4
},
{
"db": "BID",
"id": "10783",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000211",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044",
"trust": 0.7
},
{
"db": "DEBIAN",
"id": "DSA-1069",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1067",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1070",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1082",
"trust": 0.6
},
{
"db": "XF",
"id": "64",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:10714",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2004:504",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2004:066",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OWL-USERS] 20040619 LINUX 2.4.26-OW2",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "33773",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-8995",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46506",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46509",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8995"
},
{
"db": "BID",
"id": "10687"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000211"
},
{
"db": "PACKETSTORM",
"id": "33773"
},
{
"db": "PACKETSTORM",
"id": "46506"
},
{
"db": "PACKETSTORM",
"id": "46508"
},
{
"db": "PACKETSTORM",
"id": "46509"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044"
},
{
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"id": "VAR-200407-0196",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8995"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:08:16.659000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2004:504",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-504.html"
},
{
"title": "RHSA-2004:413",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-413.html"
},
{
"title": "RHSA-2004:689",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-689.html"
},
{
"title": "RHSA-2004:689",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-689j.html"
},
{
"title": "RHSA-2004:504",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-504j.html"
},
{
"title": "RHSA-2004:413",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-413j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000211"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/10687"
},
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2006/dsa-1067"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2006/dsa-1069"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2006/dsa-1070"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2006/dsa-1082"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:066"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-504.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20162"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20163"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20202"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20338"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/16644"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10714"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16644"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0565"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0565"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/10783"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10714"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0565"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-504.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0489"
},
{
"trust": 0.3,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0394"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0427"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0554"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0447"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0124"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0001"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0997"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1333"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0984"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0949"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0883"
},
{
"trust": 0.3,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.3,
"url": "http://security.debian.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0685"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1016"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0528"
},
{
"trust": 0.3,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1017"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1335"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419woody1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8995"
},
{
"db": "BID",
"id": "10687"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000211"
},
{
"db": "PACKETSTORM",
"id": "33773"
},
{
"db": "PACKETSTORM",
"id": "46506"
},
{
"db": "PACKETSTORM",
"id": "46508"
},
{
"db": "PACKETSTORM",
"id": "46509"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044"
},
{
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-8995"
},
{
"db": "BID",
"id": "10687"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000211"
},
{
"db": "PACKETSTORM",
"id": "33773"
},
{
"db": "PACKETSTORM",
"id": "46506"
},
{
"db": "PACKETSTORM",
"id": "46508"
},
{
"db": "PACKETSTORM",
"id": "46509"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044"
},
{
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-8995"
},
{
"date": "2004-07-09T00:00:00",
"db": "BID",
"id": "10687"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000211"
},
{
"date": "2004-07-12T17:36:00",
"db": "PACKETSTORM",
"id": "33773"
},
{
"date": "2006-05-22T06:29:12",
"db": "PACKETSTORM",
"id": "46506"
},
{
"date": "2006-05-22T06:33:40",
"db": "PACKETSTORM",
"id": "46508"
},
{
"date": "2006-05-22T06:34:27",
"db": "PACKETSTORM",
"id": "46509"
},
{
"date": "2004-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-044"
},
{
"date": "2004-12-06T05:00:00",
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8995"
},
{
"date": "2007-01-17T21:30:00",
"db": "BID",
"id": "10687"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000211"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-044"
},
{
"date": "2017-10-11T01:29:28.480000",
"db": "NVD",
"id": "CVE-2004-0565"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "10687"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Kernel In FPH Vulnerabilities that do not check the process that owns",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000211"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "10687"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-044"
}
],
"trust": 0.9
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.