Vulnerability CVE-2004-0178

Vulnerability Name:

CVE-2004-0178 (CCN-15868)

Assigned:

2004-03-26

Published:

2004-03-26

Updated:

2017-10-11

Summary:

The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: SGI
Type: UNKNOWN
20040804-01-U

Source: CCN
Type: DSA 479-1
New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc

Source: CCN
Type: DSA 480-1
New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa)

Source: CCN
Type: DSA 481-1
New Linux 2.4.17 packages fix local root exploit (ia64)

Source: CCN
Type: DSA 482-1
New Linux 2.4.17 packages fix local root exploit (source+powerpc/apus+s390)

Source: MITRE
Type: CNA
CVE-2004-0178

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:846

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:846
Fixes for kernel vulnerabilities

Source: MISC
Type: UNKNOWN
http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA

Source: CCN
Type: RHSA-2004-413
kernel security update

Source: CCN
Type: RHSA-2004-437
Updated kernel packages fix security vulnerability

Source: GENTOO
Type: UNKNOWN
GLSA-200407-02

Source: CCN
Type: CIAC Information Bulletin O-121
Debian linux-kernel-2.4.17 and 2.4.18 Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-121

Source: CCN
Type: CIAC Information Bulletin 0-127
Linux kernel Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-127

Source: CCN
Type: CIAC Information Bulletin 0-193
Linux Kernel Packages Updated

Source: CIAC
Type: UNKNOWN
O-193

Source: DEBIAN
Type: UNKNOWN
DSA-479

Source: DEBIAN
Type: UNKNOWN
DSA-480

Source: DEBIAN
Type: UNKNOWN
DSA-481

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-482

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-489

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-491

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-495

Source: DEBIAN
Type: DSA 491-1
linux-kernel-2.4.19-mips -- several vulnerabilities

Source: DEBIAN
Type: DSA-479
linux-kernel-2.4.18-alpha+i386+powerpc -- several vulnerabilities

Source: DEBIAN
Type: DSA-480
linux-kernel-2.4.17+2.4.18-hppa -- several vulnerabilities

Source: DEBIAN
Type: DSA-481
linux-kernel-2.4.17-ia64 -- several vulnerabilities

Source: DEBIAN
Type: DSA-482
linux-kernel-2.4.17-apus+s390 -- several vulnerabilities

Source: DEBIAN
Type: DSA-489
linux-kernel-2.4.17-mips+mipsel -- several vulnerabilities

Source: DEBIAN
Type: DSA-491
linux-kernel-2.4.19-mips -- several vulnerabilities

Source: DEBIAN
Type: DSA-495
linux-kernel-2.4.16-arm -- several vulnerabilities

Source: CCN
Type: GLSA-200407-02
Linux Kernel: Multiple vulnerabilities

Source: CCN
Type: Linux kernel Web site
The Linux Kernel Archives

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:029

Source: REDHAT
Type: UNKNOWN
RHSA-2004:413

Source: REDHAT
Type: UNKNOWN
RHSA-2004:437

Source: BID
Type: UNKNOWN
9985

Source: CCN
Type: BID-9985
Multiple Local Linux Kernel Vulnerabilities

Source: CCN
Type: TLSA-2004-14
Multiple vulnerabilities within the kernel

Source: XF
Type: UNKNOWN
linux-sound-blaster-dos(15868)

Source: XF
Type: UNKNOWN
linux-sound-blaster-dos(15868)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9427

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:2.4.0:-:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.4.3:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.18:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.22:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.21:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.0:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.11:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.19:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.23:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*

AND

cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:9427	V	The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.	2013-04-29
oval:com.redhat.rhsa:def:20040413	P	RHSA-2004:413: kernel security update (Important)	2004-08-03
oval:org.debian:def:495	V	several vulnerabilities	2004-04-26
oval:org.debian:def:489	V	several vulnerabilities	2004-04-17
oval:org.debian:def:491	V	several vulnerabilities	2004-04-17
oval:org.debian:def:482	V	several vulnerabilities	2004-04-14
oval:org.debian:def:479	V	several vulnerabilities	2004-04-14
oval:org.debian:def:480	V	several vulnerabilities	2004-04-14
oval:org.debian:def:481	V	several vulnerabilities	2004-04-14

BACK