Vulnerability Name: CVE-2003-1040 (CCN-15577)

Assigned: 2003-12-04
Published: 2003-12-04
Updated: 2018-08-13
Summary: kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
CVSS v2 Severity: 2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: SGI
Type: UNKNOWN
20040204-01-U

Source: MITRE
Type: CNA
CVE-2003-1040

Source: CONECTIVA
Type: UNKNOWN
CLSA-2004:820

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:820
Fixes for kernel vulnerabilities

Source: CONFIRM
Type: Broken Link
http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c

Source: CCN
Type: RHSA-2004-065
Updated kernel packages resolve security vulnerabilities

Source: CCN
Type: RHSA-2004-069
kernel security update

Source: CCN
Type: RHSA-2004-106
kernel security update

Source: CCN
Type: RHSA-2004-188
Updated kernel packages available for Red Hat Enterprise Linux 3 Update 2

Source: SUSE
Type: UNKNOWN
SuSE-SA:2003:049

Source: REDHAT
Type: UNKNOWN
RHSA-2004:065

Source: REDHAT
Type: UNKNOWN
RHSA-2004:069

Source: REDHAT
Type: UNKNOWN
RHSA-2004:106

Source: REDHAT
Type: UNKNOWN
RHSA-2004:188

Source: XF
Type: UNKNOWN
linux-kmod-signals-dos(15577)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9423

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:linux:linux_kernel:2.4.0:-:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.4.0:-:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_firewall:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:9423 | V | kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod. | 2013-04-29
oval:com.redhat.rhsa:def:20040188 | P | RHSA-2004:188: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 2 (Important) | 2004-05-11