Vulnerability Name:

CVE-2004-0109 (CCN-15866)

Assigned:2004-04-14
Published:2004-04-14
Updated:2017-10-11
Summary:Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: Patch, Vendor Advisory
20040405-01-U

Source: SGI
Type: UNKNOWN
20040504-01-U

Source: CCN
Type: DSA 479-1
New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc

Source: CCN
Type: DSA 480-1
New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa)

Source: CCN
Type: DSA 482-1
New Linux 2.4.17 packages fix local root exploit (source+powerpc/apus+s390)

Source: MITRE
Type: CNA
CVE-2004-0109

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:846

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:846
Fixes for kernel vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2004-0020

Source: CCN
Type: RHSA-2004-105
kernel security update

Source: CCN
Type: RHSA-2004-106
kernel security update

Source: CCN
Type: RHSA-2004-166
Updated kernel packages resolve security vulnerabilities

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:166

Source: CCN
Type: RHSA-2004-183
kernel security update

Source: CCN
Type: SA11361
Linux Kernel ISO9660 Buffer Overflow Privilege Escalation Vulnerability

Source: SECUNIA
Type: UNKNOWN
11361

Source: CCN
Type: SA11362
Linux Kernel File Systems Information Leak and Denial of Service

Source: SECUNIA
Type: UNKNOWN
11362

Source: SECUNIA
Type: UNKNOWN
11373

Source: CCN
Type: SA11429
Linux Kernel setsockopt MCAST_MSFILTER Integer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
11429

Source: CCN
Type: SA11464
Linux Kernel CPUFREQ Proc Handler Kernel Memory Disclosure Vulnerability

Source: SECUNIA
Type: UNKNOWN
11464

Source: SECUNIA
Type: UNKNOWN
11469

Source: SECUNIA
Type: UNKNOWN
11470

Source: CCN
Type: SA11486
Linux Kernel Framebuffer Driver Direct Userspace Access Vulnerability

Source: SECUNIA
Type: UNKNOWN
11486

Source: SECUNIA
Type: UNKNOWN
11494

Source: CCN
Type: SA11518
PaX Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
11518

Source: CCN
Type: SA11626
Linux Kernel e1000 Network Driver Kernel Memory Disclosure

Source: SECUNIA
Type: UNKNOWN
11626

Source: CCN
Type: SA11861
Linux Kernel "__clear_fpu()" Macro Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
11861

Source: CCN
Type: SA11891
Linux Kernel Various Drivers Userland Pointer Dereference Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
11891

Source: CCN
Type: SA11986
RSBAC Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
11986

Source: SECUNIA
Type: UNKNOWN
12003

Source: GENTOO
Type: UNKNOWN
GLSA-200407-02

Source: CCN
Type: CIAC Information Bulletin O-121
Debian linux-kernel-2.4.17 and 2.4.18 Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-121

Source: CCN
Type: CIAC Information Bulletin O-126
Red Hat Updated Kernel Packages Fix Several ulnerabilities

Source: CCN
Type: CIAC Information Bulletin 0-127
Linux kernel Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-127

Source: DEBIAN
Type: UNKNOWN
DSA-479

Source: DEBIAN
Type: UNKNOWN
DSA-480

Source: DEBIAN
Type: UNKNOWN
DSA-481

Source: DEBIAN
Type: UNKNOWN
DSA-482

Source: DEBIAN
Type: UNKNOWN
DSA-489

Source: DEBIAN
Type: UNKNOWN
DSA-491

Source: DEBIAN
Type: UNKNOWN
DSA-495

Source: DEBIAN
Type: DSA 481-1
linux-kernel-2.4.17-ia64 -- several vulnerabilities

Source: DEBIAN
Type: DSA 491-1
linux-kernel-2.4.19-mips -- several vulnerabilities

Source: DEBIAN
Type: DSA-479
linux-kernel-2.4.18-alpha+i386+powerpc -- several vulnerabilities

Source: DEBIAN
Type: DSA-480
linux-kernel-2.4.17+2.4.18-hppa -- several vulnerabilities

Source: DEBIAN
Type: DSA-481
linux-kernel-2.4.17-ia64 -- several vulnerabilities

Source: DEBIAN
Type: DSA-482
linux-kernel-2.4.17-apus+s390 -- several vulnerabilities

Source: DEBIAN
Type: DSA-489
linux-kernel-2.4.17-mips+mipsel -- several vulnerabilities

Source: DEBIAN
Type: DSA-491
linux-kernel-2.4.19-mips -- several vulnerabilities

Source: DEBIAN
Type: DSA-495
linux-kernel-2.4.16-arm -- several vulnerabilities

Source: CCN
Type: GLSA-200407-02
Linux Kernel: Multiple vulnerabilities

Source: MISC
Type: Vendor Advisory
http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities

Source: CCN
Type: Linux kernel Web site
The Linux Kernel Archives

Source: ENGARDE
Type: Patch, Vendor Advisory
ESA-20040428-004

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0020
kernel

Source: CCN
Type: Guardian Digital Security Advisory ESA-20040428-004
kernel

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:029

Source: SUSE
Type: UNKNOWN
SuSE-SA:2004:009

Source: CCN
Type: OSVDB ID: 6307
Linux Kernel e1000 Network Driver Kernel Memory Disclosure

Source: REDHAT
Type: UNKNOWN
RHSA-2004:105

Source: REDHAT
Type: UNKNOWN
RHSA-2004:106

Source: REDHAT
Type: UNKNOWN
RHSA-2004:183

Source: BID
Type: UNKNOWN
10141

Source: CCN
Type: BID-10141
Linux Kernel ISO9660 File System Buffer Overflow Vulnerability

Source: CCN
Type: TLSA-2004-14
Multiple vulnerabilities within the kernel

Source: TURBO
Type: UNKNOWN
TLSA-2004-14

Source: XF
Type: UNKNOWN
linux-iso9660-bo(15866)

Source: XF
Type: UNKNOWN
linux-iso9660-bo(15866)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10733

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:940

Source: SUSE
Type: SUSE-SA:2004:009
Linux Kernel: local privilege escalation / information leakage

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:2.4.0:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.4.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.21:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.11:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19::-pre1:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19::-pre2:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19::-pre3:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19::-pre4:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19::-pre5:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19::-pre6:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.21::-pre1:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.21::-pre4:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.21::-pre7:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.23:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.23::-pre9:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.24::-ow1:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18::x86:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_community:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040109
    V
    		CVE-2004-0109
    2015-11-16
    oval:org.mitre.oval:def:10733
    V
    		Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
    2013-04-29
    oval:org.mitre.oval:def:940
    V
    		Linux Kernel ISO9660 File System Component BO
    2007-04-25
    oval:org.debian:def:495
    V
    		several vulnerabilities
    2004-04-26
    oval:com.redhat.rhsa:def:20040183
    P
    		RHSA-2004:183: kernel security update (Important)
    2004-04-22
    oval:org.debian:def:489
    V
    		several vulnerabilities
    2004-04-17
    oval:org.debian:def:491
    V
    		several vulnerabilities
    2004-04-17
    oval:org.debian:def:482
    V
    		several vulnerabilities
    2004-04-14
    oval:org.debian:def:479
    V
    		several vulnerabilities
    2004-04-14
    oval:org.debian:def:480
    V
    		several vulnerabilities
    2004-04-14
    oval:org.debian:def:481
    V
    		several vulnerabilities
    2004-04-14
    BACK
    linux linux kernel 2.4.0
    linux linux kernel 2.5.0
    linux linux kernel 2.6.0
    linux linux kernel 2.4.3
    linux linux kernel 2.4.4
    linux linux kernel 2.4.5
    linux linux kernel 2.4.6
    linux linux kernel 2.4.18
    linux linux kernel 2.4.20
    linux linux kernel 2.4.22
    linux linux kernel 2.4.7
    linux linux kernel 2.4.21
    linux linux kernel 2.4.0 test1
    linux linux kernel 2.4.0 test10
    linux linux kernel 2.4.0 test11
    linux linux kernel 2.4.0 test12
    linux linux kernel 2.4.0 test2
    linux linux kernel 2.4.0 test3
    linux linux kernel 2.4.0 test4
    linux linux kernel 2.4.0 test5
    linux linux kernel 2.4.0 test6
    linux linux kernel 2.4.0 test7
    linux linux kernel 2.4.0 test8
    linux linux kernel 2.4.0 test9
    linux linux kernel 2.4.1
    linux linux kernel 2.4.10
    linux linux kernel 2.4.11
    linux linux kernel 2.4.12
    linux linux kernel 2.4.13
    linux linux kernel 2.4.14
    linux linux kernel 2.4.15
    linux linux kernel 2.4.16
    linux linux kernel 2.4.17
    linux linux kernel 2.4.18 pre1
    linux linux kernel 2.4.18 pre2
    linux linux kernel 2.4.18 pre3
    linux linux kernel 2.4.18 pre4
    linux linux kernel 2.4.18 pre5
    linux linux kernel 2.4.18 pre6
    linux linux kernel 2.4.18 pre7
    linux linux kernel 2.4.18 pre8
    linux linux kernel 2.4.19
    linux linux kernel 2.4.19
    linux linux kernel 2.4.19
    linux linux kernel 2.4.19
    linux linux kernel 2.4.19
    linux linux kernel 2.4.19
    linux linux kernel 2.4.19
    linux linux kernel 2.4.2
    linux linux kernel 2.4.21
    linux linux kernel 2.4.21
    linux linux kernel 2.4.21
    linux linux kernel 2.4.23
    linux linux kernel 2.4.23
    linux linux kernel 2.4.24
    linux linux kernel 2.4.24
    linux linux kernel 2.4.25
    linux linux kernel 2.4.8
    linux linux kernel 2.4.9
    linux linux kernel 2.5.0
    linux linux kernel 2.4.18
    linux linux kernel 2.6.0
    suse suse linux database server *
    suse suse linux connectivity server *
    conectiva linux 8.0
    debian debian linux 3.0
    gentoo linux *
    suse suse linux office server *
    suse suse linux 8.1
    mandrakesoft mandrake multi network firewall 8.2
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    redhat enterprise linux 2.1
    conectiva linux 9.0
    trustix secure linux 2.0
    engardelinux secure community 2.0
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux corporate server 2.1