CVE-2004-0535

Current Description

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

Basic Data

Published: August 06, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 2.1
Severity: LOW
Exploitability Score: 3.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
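    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Mandrakesoft | Mandrake Multi Network Firewall | 8.2 | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Email Server | 3.1 | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Email Server | iii | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Linux Admin-cd For Firewall | * | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Linux Connectivity Server | * | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Linux Database Server | * | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Linux Firewall Cd | * | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Linux Firewall Live-cd | * | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Linux Office Server | * | * | * | * | * | * | * | *
    2.3 | Application | Suse | Suse Office Server | * | * | * | * | * | * | * | *
    2.3 | OS | Conectiva | Linux | 8.0 | * | * | * | * | * | * | *
    2.3 | OS | Conectiva | Linux | 9.0 | * | * | * | * | * | * | *
    2.3 | OS | Engardelinux | Secure Community | 2.0 | * | * | * | * | * | * | *
    2.3 | OS | Engardelinux | Secure Linux | 1.5 | * | professional | * | * | * | * | *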
  • OR - Configuration 2
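    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Gentoo | Linux | 1.4 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test1 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test10 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test11 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test12 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test2 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test3 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test4 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test5 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test6 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test7 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test8 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | test9 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.1 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.2 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.3 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.4 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.5 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.6 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.7 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.8 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.9 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.10 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.11 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.12 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.13 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.14 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.15 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.16 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.17 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | * | x86 | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | pre1 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | pre2 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | pre3 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | pre4 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | pre5 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | pre6 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | pre7 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | pre8 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.19 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.19 | pre1 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.19 | pre2 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.19 | pre3 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.19 | pre4 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.19 | pre5 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.19 | pre6 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.20 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.21 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.21 | pre1 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.21 | pre4 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.21 | pre7 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.22 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.23 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.23 | pre9 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.23_ow2 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.24 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.24_ow1 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.25 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.26 | * | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 2.4.27 | pre1 | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 9.1 | * | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 9.1 | * | ppc | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 9.2 | * | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 9.2 | * | amd64 | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | amd64 | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | x86_64 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7 | * | enterprise_server | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8 | * | enterprise_server | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8.0 | * | i386 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | *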

Vulnerable Software List

Vendor | Product | Versions
Conectiva | Linux | 8.0, 9.0
Mandrakesoft | Mandrake Multi Network Firewall | 8.2
Mandrakesoft | Mandrake Linux | 10.0, 9.1, 9.2
Mandrakesoft | Mandrake Linux Corporate Server | 2.1
Linux | Linux Kernel | 2.4.0, 2.4.1, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.2, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.23_ow2, 2.4.24, 2.4.24_ow1, 2.4.25, 2.4.26, 2.4.27, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9
Suse | Suse Linux Office Server | *
Suse | Suse Office Server | *
Suse | Suse Linux | 7, 8, 8.0, 8.1, 8.2, 9.0, 9.1
Suse | Suse Email Server | 3.1, iii
Suse | Suse Linux Admin-cd For Firewall | *
Suse | Suse Linux Connectivity Server | *
Suse | Suse Linux Database Server | *
Suse | Suse Linux Firewall Live-cd | *
Suse | Suse Linux Firewall Cd | *
Engardelinux | Secure Community | 2.0
Engardelinux | Secure Linux | 1.5
Gentoo | Linux | 1.4

References

Name | URL | Source | Tags
20040804-01-U | ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc | SGI
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168 | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168 | CONFIRM
CLA-2004:845 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 | CONECTIVA
FEDORA-2004-186 | http://lwn.net/Articles/91155/ | FEDORA
GLSA-200407-02 | http://security.gentoo.org/glsa/glsa-200407-02.xml | GENTOO | Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log | http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log | CONFIRM
MDKSA-2004:062 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:062 | MANDRAKE
SUSE-SA:2004:020 | http://www.novell.com/linux/security/advisories/2004_20_kernel.html | SUSE
RHSA-2004:413 | http://www.redhat.com/support/errata/RHSA-2004-413.html | REDHAT | PATCH, Vendor Advisory
RHSA-2004:418 | http://www.redhat.com/support/errata/RHSA-2004-418.html | REDHAT
10352 | http://www.securityfocus.com/bid/10352 | BID | PATCH, Vendor Advisory
linux-e1000-bo(16159) | https://exchange.xforce.ibmcloud.com/vulnerabilities/16159 | XF
oval:org.mitre.oval:def:11136 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11136 | OVAL