CVE-2004-1235

Current Description

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

Basic Data

PublishedApril 14, 2005
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:H/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityHIGH
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score6.2
SeverityMEDIUM
Exploitability Score1.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAvayaMn100********
    2.3ApplicationAvayaNetwork Routing********
    2.3HardwareAvayaConverged Communications Server2.0*******
    2.3HardwareAvayaS8710r2.0.0*******
    2.3HardwareAvayaS8710r2.0.1*******
    2.3OSAvayaModular Messaging Message Storage Server1.1*******
    2.3OSAvayaModular Messaging Message Storage Server2.0*******
    2.3OSLinuxLinux Kernel2.4.0*******
    2.3OSLinuxLinux Kernel2.4.0test1******
    2.3OSLinuxLinux Kernel2.4.0test10******
    2.3OSLinuxLinux Kernel2.4.0test11******
    2.3OSLinuxLinux Kernel2.4.0test12******
    2.3OSLinuxLinux Kernel2.4.0test2******
    2.3OSLinuxLinux Kernel2.4.0test3******
    2.3OSLinuxLinux Kernel2.4.0test4******
    2.3OSLinuxLinux Kernel2.4.0test5******
    2.3OSLinuxLinux Kernel2.4.0test6******
    2.3OSLinuxLinux Kernel2.4.0test7******
    2.3OSLinuxLinux Kernel2.4.0test8******
    2.3OSLinuxLinux Kernel2.4.0test9******
    2.3OSLinuxLinux Kernel2.4.1*******
    2.3OSLinuxLinux Kernel2.4.2*******
    2.3OSLinuxLinux Kernel2.4.3*******
    2.3OSLinuxLinux Kernel2.4.4*******
    2.3OSLinuxLinux Kernel2.4.5*******
    2.3OSLinuxLinux Kernel2.4.6*******
    2.3OSLinuxLinux Kernel2.4.7*******
    2.3OSLinuxLinux Kernel2.4.8*******
    2.3OSLinuxLinux Kernel2.4.9*******
    2.3OSLinuxLinux Kernel2.4.10*******
    2.3OSLinuxLinux Kernel2.4.11*******
    2.3OSLinuxLinux Kernel2.4.12*******
    2.3OSLinuxLinux Kernel2.4.13*******
    2.3OSLinuxLinux Kernel2.4.14*******
    2.3OSLinuxLinux Kernel2.4.15*******
    2.3OSLinuxLinux Kernel2.4.16*******
    2.3OSLinuxLinux Kernel2.4.17*******
    2.3OSLinuxLinux Kernel2.4.18*******
    2.3OSLinuxLinux Kernel2.4.18*x86*****
    2.3OSLinuxLinux Kernel2.4.18pre1******
    2.3OSLinuxLinux Kernel2.4.18pre2******
    2.3OSLinuxLinux Kernel2.4.18pre3******
    2.3OSLinuxLinux Kernel2.4.18pre4******
    2.3OSLinuxLinux Kernel2.4.18pre5******
    2.3OSLinuxLinux Kernel2.4.18pre6******
    2.3OSLinuxLinux Kernel2.4.18pre7******
    2.3OSLinuxLinux Kernel2.4.18pre8******
    2.3OSLinuxLinux Kernel2.4.19*******
    2.3OSLinuxLinux Kernel2.4.19pre1******
    2.3OSLinuxLinux Kernel2.4.19pre2******
    2.3OSLinuxLinux Kernel2.4.19pre3******
    2.3OSLinuxLinux Kernel2.4.19pre4******
    2.3OSLinuxLinux Kernel2.4.19pre5******
    2.3OSLinuxLinux Kernel2.4.19pre6******
    2.3OSLinuxLinux Kernel2.4.20*******
    2.3OSLinuxLinux Kernel2.4.21*******
    2.3OSLinuxLinux Kernel2.4.21pre1******
    2.3OSLinuxLinux Kernel2.4.21pre4******
    2.3OSLinuxLinux Kernel2.4.21pre7******
    2.3OSLinuxLinux Kernel2.4.22*******
    2.3OSLinuxLinux Kernel2.4.23*******
    2.3OSLinuxLinux Kernel2.4.23pre9******
    2.3OSLinuxLinux Kernel2.4.23_ow2*******
    2.3OSLinuxLinux Kernel2.4.24*******
    2.3OSLinuxLinux Kernel2.4.24_ow1*******
    2.3OSLinuxLinux Kernel2.4.25*******
    2.3OSLinuxLinux Kernel2.4.26*******
    2.3OSLinuxLinux Kernel2.4.27*******
    2.3OSLinuxLinux Kernel2.4.27pre1******
    2.3OSLinuxLinux Kernel2.4.27pre2******
    2.3OSLinuxLinux Kernel2.4.27pre3******
    2.3OSLinuxLinux Kernel2.4.27pre4******
    2.3OSLinuxLinux Kernel2.4.27pre5******
    2.3OSLinuxLinux Kernel2.4.28*******
    2.3OSLinuxLinux Kernel2.4.29rc2******
    2.3OSLinuxLinux Kernel2.6.0*******
    2.3OSLinuxLinux Kernel2.6.0test1******
    2.3OSLinuxLinux Kernel2.6.0test10******
    2.3OSLinuxLinux Kernel2.6.0test11******
    2.3OSLinuxLinux Kernel2.6.0test2******
    2.3OSLinuxLinux Kernel2.6.0test3******
    2.3OSLinuxLinux Kernel2.6.0test4******
    2.3OSLinuxLinux Kernel2.6.0test5******
    2.3OSLinuxLinux Kernel2.6.0test6******
    2.3OSLinuxLinux Kernel2.6.0test7******
    2.3OSLinuxLinux Kernel2.6.0test8******
    2.3OSLinuxLinux Kernel2.6.0test9******
    2.3OSLinuxLinux Kernel2.6.1*******
    2.3OSLinuxLinux Kernel2.6.1rc1******
    2.3OSLinuxLinux Kernel2.6.1rc2******
    2.3OSLinuxLinux Kernel2.6.2*******
    2.3OSLinuxLinux Kernel2.6.3*******
    2.3OSLinuxLinux Kernel2.6.4*******
    2.3OSLinuxLinux Kernel2.6.5*******
    2.3OSLinuxLinux Kernel2.6.6*******
    2.3OSLinuxLinux Kernel2.6.6rc1******
    2.3OSLinuxLinux Kernel2.6.7*******
    2.3OSLinuxLinux Kernel2.6.7rc1******
    2.3OSLinuxLinux Kernel2.6.8*******
    2.3OSLinuxLinux Kernel2.6.8rc1******
    2.3OSLinuxLinux Kernel2.6.8rc2******
    2.3OSLinuxLinux Kernel2.6.8rc3******
    2.3OSLinuxLinux Kernel2.6.92.6.20******
    2.3OSLinuxLinux Kernel2.6.10*******
    2.3OSLinuxLinux Kernel2.6.10rc2******
    2.3OSLinuxLinux Kernel2.6_test9_cvs*******
    2.3OSMandrakesoftMandrake Linux9.2*******
    2.3OSMandrakesoftMandrake Linux9.2*amd64*****
    2.3OSMandrakesoftMandrake Linux10.0*******
    2.3OSMandrakesoftMandrake Linux10.0*amd64*****
    2.3OSMandrakesoftMandrake Linux10.1*******
    2.3OSMandrakesoftMandrake Linux10.1*x86_64*****
    2.3OSMandrakesoftMandrake Linux Corporate Server2.1*******
    2.3OSMandrakesoftMandrake Linux Corporate Server2.1*x86_64*****
    2.3OSMandrakesoftMandrake Linux Corporate Server3.0*******
    2.3OSRedhatEnterprise Linux3.0*advanced_servers*****
    2.3OSRedhatEnterprise Linux3.0*enterprise_server*****
    2.3OSRedhatEnterprise Linux3.0*workstation*****
    2.3OSRedhatEnterprise Linux4.0*advanced_server*****
    2.3OSRedhatEnterprise Linux4.0*enterprise_server*****
    2.3OSRedhatEnterprise Linux4.0*workstation*****
    2.3OSRedhatEnterprise Linux Desktop3.0*******
    2.3OSRedhatEnterprise Linux Desktop4.0*******
    2.3OSRedhatFedora Corecore_1.0*******
    2.3OSRedhatFedora Corecore_2.0*******
    2.3OSRedhatFedora Corecore_3.0*******
    2.3OSRedhatLinux7.3*i386*****
    2.3OSRedhatLinux9.0*i386*****
    2.3OSSuseSuse Linux1.0*desktop*****
    2.3OSSuseSuse Linux8*enterprise_server*****
    2.3OSSuseSuse Linux8.1*******
    2.3OSSuseSuse Linux8.2*******
    2.3OSSuseSuse Linux9.0*******
    2.3OSSuseSuse Linux9.0*enterprise_server*****
    2.3OSSuseSuse Linux9.1*******
    2.3OSSuseSuse Linux9.2*******
    2.3OSUbuntuUbuntu Linux4.1*ia64*****
    2.3OSUbuntuUbuntu Linux4.1*ppc*****
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAvayaIntuity Audix**lx*****
    2.3ApplicationMandrakesoftMandrake Multi Network Firewall8.2*******
    2.3HardwareAvayaS8300r2.0.0*******
    2.3HardwareAvayaS8300r2.0.1*******
    2.3HardwareAvayaS8500r2.0.0*******
    2.3HardwareAvayaS8500r2.0.1*******
    2.3HardwareAvayaS8700r2.0.0*******
    2.3HardwareAvayaS8700r2.0.1*******
    2.3OSConectivaLinux10.0*******

Vulnerable Software List

VendorProductVersions
Avaya Mn100 *
Avaya S8300 r2.0.0, r2.0.1
Avaya Network Routing *
Avaya S8710 r2.0.0, r2.0.1
Avaya Intuity Audix *
Avaya S8500 r2.0.0, r2.0.1
Avaya S8700 r2.0.0, r2.0.1
Avaya Modular Messaging Message Storage Server 1.1, 2.0
Avaya Converged Communications Server 2.0
Redhat Enterprise Linux 3.0, 4.0
Redhat Enterprise Linux Desktop 3.0, 4.0
Redhat Linux 7.3, 9.0
Redhat Fedora Core core_1.0, core_2.0, core_3.0
Ubuntu Ubuntu Linux 4.1
Conectiva Linux 10.0
Mandrakesoft Mandrake Multi Network Firewall 8.2
Mandrakesoft Mandrake Linux 10.0, 10.1, 9.2
Mandrakesoft Mandrake Linux Corporate Server 2.1, 3.0
Linux Linux Kernel 2.4.0, 2.4.1, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.2, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.23_ow2, 2.4.24, 2.4.24_ow1, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.6.0, 2.6.1, 2.6.10, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6_test9_cvs
Suse Suse Linux 1.0, 8, 8.1, 8.2, 9.0, 9.1, 9.2

References

NameSourceURLTags
CLA-2005:930http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930CONECTIVA
http://isec.pl/vulnerabilities/isec-0021-uselib.txthttp://isec.pl/vulnerabilities/isec-0021-uselib.txtMISC
20050107 Linux kernel sys_uselib local root vulnerabilityhttp://marc.info/?l=bugtraq&m=110512575901427&w=2BUGTRAQ
20162http://secunia.com/advisories/20162SECUNIA
20163http://secunia.com/advisories/20163SECUNIA
20202http://secunia.com/advisories/20202SECUNIA
20338http://secunia.com/advisories/20338SECUNIA
DSA-1067http://www.debian.org/security/2006/dsa-1067DEBIAN
DSA-1069http://www.debian.org/security/2006/dsa-1069DEBIAN
DSA-1070http://www.debian.org/security/2006/dsa-1070DEBIAN
DSA-1082http://www.debian.org/security/2006/dsa-1082DEBIAN
MDKSA-2005:022http://www.mandriva.com/security/advisories?name=MDKSA-2005:022MANDRAKE
SUSE-SR:2005:001http://www.novell.com/linux/security/advisories/2005_01_sr.htmlSUSE
RHSA-2005:016http://www.redhat.com/support/errata/RHSA-2005-016.htmlREDHAT
RHSA-2005:017http://www.redhat.com/support/errata/RHSA-2005-017.htmlREDHAT
RHSA-2005:043http://www.redhat.com/support/errata/RHSA-2005-043.htmlREDHATPatch Vendor Advisory
RHSA-2005:092http://www.redhat.com/support/errata/RHSA-2005-092.htmlREDHAT
http://www.securityfocus.com/advisories/7804http://www.securityfocus.com/advisories/7804CONFIRM
FEDORA-2005-014http://www.securityfocus.com/advisories/7805FEDORA
FEDORA-2005-013http://www.securityfocus.com/advisories/7806FEDORA
12190http://www.securityfocus.com/bid/12190BIDExploit Patch Vendor Advisory
2005-0001http://www.trustix.org/errata/2005/0001/TRUSTIX
FLSA:2336https://bugzilla.fedora.us/show_bug.cgi?id=2336FEDORA
linux-uselib-gain-privileges(18800)https://exchange.xforce.ibmcloud.com/vulnerabilities/18800XF
oval:org.mitre.oval:def:9567https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567OVAL