Vulnerability Name: CVE-2004-0003 (CCN-15029)

Assigned: 2004-01-16
Published: 2004-01-16
Updated: 2017-10-11
Summary: Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:

Source: CCN
Type: DSA 482-1
New Linux 2.4.17 packages fix local root exploit (source+powerpc/apus+s390)

Source: MITRE
Type: CNA
CVE-2004-0003

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:846
Fixes for kernel vulnerabilities

Source: CCN
Type: RHSA-2004-044
kernel security update

Source: CCN
Type: RHSA-2004-065
Updated kernel packages resolve security vulnerabilities

Source: CCN
Type: RHSA-2004-106
kernel security update

Source: CCN
Type: RHSA-2004-166
Updated kernel packages resolve security vulnerabilities

Source: CCN
Type: RHSA-2004-188
Updated kernel packages available for Red Hat Enterprise Linux 3 Update 2

Source: CCN
Type: SA10782
Linux Kernel R128 Direct Render Infrastructure Privilege Escalation

Source: SECUNIA
Type: UNKNOWN
10782

Source: CCN
Type: SA10911
Linux Kernel Vicam USB Driver Insecure Userspace Access

Source: SECUNIA
Type: UNKNOWN
10911

Source: CCN
Type: SA10912
Linux kernel ncpfs Privilege Escalation Vulnerability

Source: SECUNIA
Type: UNKNOWN
10912

Source: CCN
Type: SA11202
Linux Kernel Firewall Logging Rules Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
11202

Source: CCN
Type: SA11361
Linux Kernel ISO9660 Buffer Overflow Privilege Escalation Vulnerability

Source: SECUNIA
Type: UNKNOWN
11361

Source: CCN
Type: SA11362
Linux Kernel File Systems Information Leak and Denial of Service

Source: SECUNIA
Type: UNKNOWN
11362

Source: SECUNIA
Type: UNKNOWN
11369

Source: SECUNIA
Type: UNKNOWN
11370

Source: SECUNIA
Type: UNKNOWN
11376

Source: CCN
Type: SA11464
Linux Kernel CPUFREQ Proc Handler Kernel Memory Disclosure Vulnerability

Source: SECUNIA
Type: UNKNOWN
11464

Source: CCN
Type: SA11891
Linux Kernel Various Drivers Userland Pointer Dereference Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
11891

Source: SECUNIA
Type: UNKNOWN
12075

Source: CCN
Type: CIAC Information Bulletin O-082
Red Hat Updated Kernel Packages Resolve Security Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-082

Source: CCN
Type: CIAC Information Bulletin O-121
Debian linux-kernel-2.4.17 and 2.4.18 Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-121

Source: CCN
Type: CIAC Information Bulletin O-126
Red Hat Updated Kernel Packages Fix Several Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-126

Source: CCN
Type: CIAC Information Bulletin O-127
Linux kernel Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-127

Source: CCN
Type: CIAC Information Bulletin O-145
Red Hat Updated Kernel Packages for Enterprise Linux 3

Source: CIAC
Type: UNKNOWN
O-145

Source: DEBIAN
Type: UNKNOWN
DSA-479

Source: DEBIAN
Type: UNKNOWN
DSA-480

Source: DEBIAN
Type: UNKNOWN
DSA-481

Source: DEBIAN
Type: UNKNOWN
DSA-482

Source: DEBIAN
Type: UNKNOWN
DSA-489

Source: DEBIAN
Type: UNKNOWN
DSA-491

Source: DEBIAN
Type: UNKNOWN
DSA-495

Source: DEBIAN
Type: DSA 479-1
linux-kernel-2.4.18-alpha+i386+powerpc -- several vulnerabilities

Source: DEBIAN
Type: DSA 480-1
linux-kernel-2.4.17+2.4.18-hppa -- several vulnerabilities

Source: DEBIAN
Type: DSA 481-1
linux-kernel-2.4.17-ia64 -- several vulnerabilities

Source: DEBIAN
Type: DSA 491-1
linux-kernel-2.4.19-mips -- several vulnerabilities

Source: DEBIAN
Type: DSA-479
linux-kernel-2.4.18-alpha+i386+powerpc -- several vulnerabilities

Source: DEBIAN
Type: DSA-480
linux-kernel-2.4.17+2.4.18-hppa -- several vulnerabilities

Source: DEBIAN
Type: DSA-481
linux-kernel-2.4.17-ia64 -- several vulnerabilities

Source: DEBIAN
Type: DSA-482
linux-kernel-2.4.17-apus+s390 -- several vulnerabilities

Source: DEBIAN
Type: DSA-489
linux-kernel-2.4.17-mips+mipsel -- several vulnerabilities

Source: DEBIAN
Type: DSA-491
linux-kernel-2.4.19-mips -- several vulnerabilities

Source: DEBIAN
Type: DSA-495
linux-kernel-2.4.16-arm -- several vulnerabilities

Source: CCN
Type: Linux kernel Web site
The Linux Kernel Archives

Source: CCN
Type: Fedora Update Notification FEDORA-2003-056
Updated Fedora Core 1 testing kernel

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.linuxcompatible.org/print25630.html

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:029

Source: SUSE
Type: UNKNOWN
SuSE-SA:2004:005

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:044

Source: REDHAT
Type: UNKNOWN
RHSA-2004:065

Source: REDHAT
Type: UNKNOWN
RHSA-2004:106

Source: REDHAT
Type: UNKNOWN
RHSA-2004:166

Source: BID
Type: UNKNOWN
9570

Source: CCN
Type: BID-9570
Linux Kernel R128 Device Driver Unspecified Privilege Escalation Vulnerability

Source: CCN
Type: TLSA-2004-14
Multiple vulnerabilities within the kernel

Source: TURBO
Type: UNKNOWN
TLSA-2004-14

Source: XF
Type: UNKNOWN
linux-r128-gain-priviliges(15029)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1017

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:834

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9204

Source: SUSE
Type: SUSE-SA:2004:005
Linux Kernel: local privilege escalation

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.4.22)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.4.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.21:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.11:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*
  • AND
  • cpe:/a:suse:suse_linux_firewall:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20040003 | V | CVE-2004-0003 | 2015-11-16
oval:org.mitre.oval:def:9204 | V | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | 2013-04-29
oval:org.mitre.oval:def:834 | V | Red Hat Kernel R128 DRI Limits Checking Vulnerability | 2007-04-25
oval:org.mitre.oval:def:1017 | V | Red Hat Enterprise 3 Kernel R128 DRI Limits Checking Vulnerability | 2007-04-25
oval:com.redhat.rhsa:def:20040188 | P | RHSA-2004:188: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 2 (Important) | 2004-05-11
oval:org.debian:def:495 | V | several vulnerabilities | 2004-04-26
oval:org.debian:def:489 | V | several vulnerabilities | 2004-04-17
oval:org.debian:def:491 | V | several vulnerabilities | 2004-04-17
oval:org.debian:def:482 | V | several vulnerabilities | 2004-04-14
oval:org.debian:def:479 | V | several vulnerabilities | 2004-04-14
oval:org.debian:def:480 | V | several vulnerabilities | 2004-04-14
oval:org.debian:def:481 | V | several vulnerabilities | 2004-04-14
    linux linux kernel *
    linux linux kernel 2.4.3
    linux linux kernel 2.4.4
    linux linux kernel 2.4.5
    linux linux kernel 2.4.6
    linux linux kernel 2.4.18
    linux linux kernel 2.4.20
    linux linux kernel 2.4.22
    linux linux kernel 2.4.7
    linux linux kernel 2.4.21
    linux linux kernel 2.4.0
    linux linux kernel 2.4.1
    linux linux kernel 2.4.10
    linux linux kernel 2.4.11
    linux linux kernel 2.4.12
    linux linux kernel 2.4.13
    linux linux kernel 2.4.14
    linux linux kernel 2.4.15
    linux linux kernel 2.4.16
    linux linux kernel 2.4.17
    linux linux kernel 2.4.19
    linux linux kernel 2.4.2
    linux linux kernel 2.4.8
    linux linux kernel 2.4.9
    suse suse linux firewall *
    suse suse linux database server *
    suse suse email server iii
    suse suse linux connectivity server *
    suse suse linux 8.0
    conectiva linux 8.0
    debian debian linux 3.0
    suse suse linux office server *
    mandrakesoft mandrake linux 9.0
    suse suse email server 3.1
    suse suse linux 8.1
    suse linux enterprise server 8
    mandrakesoft mandrake multi network firewall 8.2
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    suse suse linux 8.2
    redhat enterprise linux 2.1
    conectiva linux 9.0
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux corporate server 2.1