CVE-2004-2731

Linux Kernel - Numeric Error

Title source: rule

Description

Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function.

References (9)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2004-06/0463.html

[Vendor Advisory] http://secunia.com/advisories/11981

[Exploit] http://www.securiteam.com/unixfocus/5GP0515DFW.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/10632

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1503

[Third Party Advisory, VDB Entry] http://www.osvdb.org/7345

[Third Party Advisory, VDB Entry] http://www.osvdb.org/8363

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1010617

[Third Party Advisory] http://secunia.com/advisories/29058

Scores

EPSS 0.0014

EPSS Percentile 33.2%

Classification

CWE

CWE-189

Status draft

Affected Products (50)

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

... and 35 more

Timeline

Published Dec 31, 2004

Tracked Since Feb 18, 2026