Vulnerability Name:

CVE-2004-0554 (CCN-16412)

Assigned:2004-06-09
Published:2004-06-09
Updated:2017-10-11
Summary:Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Full-Disclosure Mailing List, Mon Jun 14 2004 - 10:19:16 CDT
repost: linux kernel local crash seen on slashdot

Source: MITRE
Type: CNA
CVE-2004-0554

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:845

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:845
Fixes for kernel vulnerabilities

Source: MISC
Type: UNKNOWN
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905

Source: MISC
Type: UNKNOWN
http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html

Source: CCN
Type: Linux Reviews News 2004-06-11
New Kernel Crash-Exploit discovered

Source: FEDORA
Type: UNKNOWN
FEDORA-2004-186

Source: BUGTRAQ
Type: UNKNOWN
20040620 TSSA-2004-011 - kernel

Source: ENGARDE
Type: UNKNOWN
ESA-20040621-005

Source: MLIST
Type: UNKNOWN
[linux-kernel] 20040609 timer + fpu stuff locks my console race

Source: CCN
Type: RHSA-2004-255
kernel security update

Source: CCN
Type: RHSA-2004-260
kernel security update

Source: SECUNIA
Type: UNKNOWN
20162

Source: SECUNIA
Type: UNKNOWN
20163

Source: SECUNIA
Type: UNKNOWN
20202

Source: SECUNIA
Type: UNKNOWN
20338

Source: GENTOO
Type: UNKNOWN
GLSA-200407-02

Source: CCN
Type: Slackware Security Advisories Tue, 15 Jun 2004 10:53:26 -0700 (PDT)
[slackware-security] kernel DoS (SSA:2004-167-01)

Source: CCN
Type: CIAC Information Bulletin O-164
Red Hat Updated Kernel Packages Fix Security Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-1067

Source: DEBIAN
Type: UNKNOWN
DSA-1069

Source: DEBIAN
Type: UNKNOWN
DSA-1070

Source: DEBIAN
Type: UNKNOWN
DSA-1082

Source: DEBIAN
Type: DSA-1067
kernel-source-2.4.16 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1069
kernel-source-2.4.18 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1070
kernel-source-2.4.19 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1082
kernel-source-2.4.17 -- several vulnerabilities

Source: CCN
Type: GLSA-200407-02
Linux Kernel: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#973654
Linux kernel fails to properly handle floating point signals generated by fsave and frstor

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#973654

Source: CCN
Type: Guardian Digital Security Advisory ESA-20040621-005
Several vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:062

Source: SUSE
Type: UNKNOWN
SuSE-SA:2004:017

Source: REDHAT
Type: UNKNOWN
RHSA-2004:255

Source: REDHAT
Type: UNKNOWN
RHSA-2004:260

Source: BID
Type: UNKNOWN
10538

Source: CCN
Type: BID-10538
Linux Kernel Floating Point Exception Handler Local Denial Of Service Vulnerability

Source: CCN
Type: BID-10566
Linux Kernel Multiple Device Driver Vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2004-0034

Source: CCN
Type: TLSA-2004-18
kernel crash

Source: XF
Type: UNKNOWN
linux-fsave-frstor-dos(16412)

Source: XF
Type: UNKNOWN
linux-dos(16412)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2915

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9426

Source: SUSE
Type: SUSE-SA:2004:017
Linux Kernel: local denial-of-service attack

Vulnerable Configuration:Configuration 1:
  • cpe:/h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.21:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.23:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.26:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.2:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.5:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.6:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:avaya:intuity_audix:*:*:lx:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.4.18:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.21:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.23:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.26:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.2:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.5:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.6:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:-:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_professional:-:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_community:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040554
    V
    		CVE-2004-0554
    2015-11-16
    oval:org.mitre.oval:def:9426
    V
    		Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
    2013-04-29
    oval:org.debian:def:1082
    V
    		several vulnerabilities
    2006-05-29
    oval:org.debian:def:1070
    V
    		several vulnerabilities
    2006-05-21
    oval:org.debian:def:1067
    V
    		several vulnerabilities
    2006-05-20
    oval:org.debian:def:1069
    V
    		several vulnerabilities
    2006-05-20
    oval:org.mitre.oval:def:2915
    V
    		Linux Kernel Denial of Service Vulnerability via fsave and frstor Instructions
    2004-10-06
    oval:com.redhat.rhsa:def:20040255
    P
    		RHSA-2004:255: kernel security update (Important)
    2004-06-17
    BACK
    avaya converged communications server 2.0
    avaya modular messaging message storage server s3400
    gentoo linux 1.4
    linux linux kernel 2.4.18
    linux linux kernel 2.4.19
    linux linux kernel 2.4.21
    linux linux kernel 2.4.22
    linux linux kernel 2.4.23
    linux linux kernel 2.4.24
    linux linux kernel 2.4.25
    linux linux kernel 2.4.26
    linux linux kernel 2.6.0
    linux linux kernel 2.6.1
    linux linux kernel 2.6.1 rc1
    linux linux kernel 2.6.1 rc2
    linux linux kernel 2.6.2
    linux linux kernel 2.6.3
    linux linux kernel 2.6.4
    linux linux kernel 2.6.5
    linux linux kernel 2.6.6
    linux linux kernel 2.6.6 rc1
    linux linux kernel 2.6.7
    linux linux kernel 2.6.7 rc1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    suse suse linux 7
    suse suse linux 8
    suse suse linux 8.0
    suse suse linux 8.0
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    avaya intuity audix *
    suse suse email server 3.1
    suse suse email server iii
    suse suse linux admin-cd for firewall *
    suse suse linux connectivity server *
    suse suse linux database server *
    suse suse linux firewall cd *
    suse suse linux office server *
    suse suse office server *
    avaya s8300 r2.0.0
    avaya s8300 r2.0.1
    avaya s8500 r2.0.0
    avaya s8500 r2.0.1
    avaya s8700 r2.0.0
    avaya s8700 r2.0.1
    conectiva linux 8.0
    conectiva linux 9.0
    linux linux kernel 2.4.18
    linux linux kernel 2.4.22
    linux linux kernel 2.6.6 rc1
    linux linux kernel 2.4.21
    linux linux kernel 2.4.19
    linux linux kernel 2.4.23
    linux linux kernel 2.4.24
    linux linux kernel 2.4.25
    linux linux kernel 2.4.26
    linux linux kernel 2.6.2
    linux linux kernel 2.6.7 rc1
    linux linux kernel 2.6.1 rc2
    linux linux kernel 2.6.1 rc1
    linux linux kernel 2.6.1
    linux linux kernel 2.6.3
    linux linux kernel 2.6.4
    linux linux kernel 2.6.5
    linux linux kernel 2.6.6
    linux linux kernel 2.6.7
    redhat linux 3.0
    engardelinux secure linux -
    suse suse linux database server *
    suse suse linux connectivity server *
    suse suse linux 8.0
    conectiva linux 8.0
    debian debian linux 3.0
    slackware slackware linux 8.1
    engardelinux secure professional -
    gentoo linux *
    suse suse linux office server *
    suse suse linux 8.1
    mandrakesoft mandrake multi network firewall 8.2
    slackware slackware linux current
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    slackware slackware linux 9.0
    suse suse linux 8.2
    conectiva linux 9.0
    engardelinux secure community 2.0
    slackware slackware linux 9.1
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    redhat enterprise linux 3
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1