Vulnerability CVE-2004-2536 - CERT Civis.Net

Vulnerability Name:

CVE-2004-2536 (CCN-16106)

Assigned:

2004-05-07

Published:

2004-05-07

Updated:

2017-07-11

Summary:

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2004-2536

Source: CCN
Type: SA11577
Linux Kernel IO Bitmap Access Permissions Inheritance Vulnerability

Source: SECUNIA
Type: Vendor Advisory
11577

Source: CONFIRM
Type: UNKNOWN
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6

Source: OSVDB
Type: UNKNOWN
5997

Source: CCN
Type: OSVDB ID: 59969
Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection

Source: CCN
Type: OSVDB ID: 5997
Linux Kernel IO Bitmap Access Permissions Inheritance

Source: BID
Type: UNKNOWN
10302

Source: CCN
Type: BID-10302
Linux Kernel Local IO Access Inheritance Vulnerability

Source: CCN
Type: Linux-Kernel Mailing List, Fri May 07 2004 - 10:11:51 EST
Bug in IO bitmap handling? Probably exploitable (2.6.5)

Source: MLIST
Type: Exploit, Patch
20040507 Bug in IO bitmap handling? Probably exploitable (2.6.5)

Source: CCN
Type: Linux-Kernel Mailing List, Fri May 07 2004 - 11:40:06 EST
Re: Bug in IO bitmap handling? Probably exploitable (2.6.5)

Source: MLIST
Type: UNKNOWN
20040507 Re: Bug in IO bitmap handling? Probably exploitable (2.6.5)

Source: XF
Type: UNKNOWN
linux-exitthread-gain-privileges(16106)

Source: XF
Type: UNKNOWN
linux-exitthread-gain-privileges(16106)

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.2:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.3:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.4:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.5:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.6.2:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.3:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.4:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.5:-:*:*:*:*:*:*

Denotes that component is vulnerable