CVE-2004-0109

Linux Kernel - Buffer Overflow

Title source: rule

Description

Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.

References (42)

[Patch, Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc

[Mailing List] http://marc.info/?l=bugtraq&m=108213675028441&w=2

[Patch, Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2004-166.html

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/o-121.shtml

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/o-127.shtml

[Third Party Advisory] http://www.debian.org/security/2004/dsa-479

[Vendor Advisory] http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities

[Patch, Vendor Advisory] http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-105.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-106.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-183.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/10141

[Various Sources] http://www.turbolinux.com/security/2004/TLSA-2004-14.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15866

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2004:029

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2004_09_kernel.html

[Third Party Advisory] http://www.debian.org/security/2004/dsa-480

[Third Party Advisory] http://www.debian.org/security/2004/dsa-481

... and 22 more

Scores

EPSS 0.0016

EPSS Percentile 36.6%

Classification

Status draft

Affected Products (3)

linux/linux_kernel

Timeline

Published Jun 01, 2004

Tracked Since Feb 18, 2026