Details of VAR-200406-0158

ID

VAR-200406-0158

CVE

CVE-2004-0554

TITLE

Linux Kernel Multiple Device Driver Vulnerabilities

Trust: 0.9

sources: BID: 10566 // CNNVD: CNNVD-200408-053

DESCRIPTION

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts. Linux Kernel Stores the process state of the floating point unit / Used to restore FSAVE/FRSTOR There are deficiencies in the handling of instructions. This issue is due to a design error that causes the kernel to fail to properly handle floating-point exceptions. This issue may be leveraged by an attacker to cause the affected system to crash, denying service to legitimate users. Although only select Linux kernels are reported to be affected, it is likely that various other versions are vulnerable as well. These issues were found during a recent audit of the Linux kernel source. The following drivers are reportedly affected by these issues: aironet asus_acpi decnet mpu401 msnd pss These issues may reportedly allow attackers to access kernel memory or gain escalated privileges on the affected computer. Local attackers can exploit these vulnerabilities to elevate privileges or conduct denial-of-service attacks on the system. The affected device drivers are: aironet, asus_acpi, decnet, mpu401, msnd, and pss. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1069-1 security@debian.org http://www.debian.org/security/ Martin Schulze, Dann Frazier May 20th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh Vulnerability : several Problem-Type : local/remote Debian-specific: no CVE IDs : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. CVE-2004-0394 A buffer overflow in the panic handling code has been found. CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service of information disclosure. CVE-2004-0949 An information leak discovered in the SMB filesystem code. CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. CVE-2005-0528 A local privilege escalation in the mremap function has been found CVE-2003-0984 Inproper initialization of the RTC may disclose information. CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. CVE-2004-1073 The open_exec function may disclose information. CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. The following matrix explains which kernel version for which architecture fix the problems mentioned above: Debian 3.0 (woody) Source 2.4.18-14.4 Alpha architecture 2.4.18-15woody1 Intel IA-32 architecture 2.4.18-13.2 HP Precision architecture 62.4 PowerPC architecture 2.4.18-1woody6 PowerPC architecture/XFS 20020329woody1 PowerPC architecture/benh 20020304woody1 Sun Sparc architecture 22woody1 We recommend that you upgrade your kernel package immediately and reboot the machine. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get dist-upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEb9YGXm3vHE4uyloRAkhXAJ0e1RmUxVZSbQICFa/j07oKPfWRVwCeMrhj wYGegwosZg6xi3oI77opLQY= =eu/T -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc Size/MD5 checksum: 692 27f44a0eec5837b0b01d26c6cff392be http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz Size/MD5 checksum: 27768 6c719a6343c9ea0dad44a736b3842504 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc Size/MD5 checksum: 792 d7c89c90fad77944ca1c5a18327f31dd http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz Size/MD5 checksum: 1013866 21b4b677a7a319442c8fe8a4c72eb4c2 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc Size/MD5 checksum: 672 4c353db091e8edc4395e46cf8d39ec42 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz Size/MD5 checksum: 71071 7012adde9ba9a573e1be66f0d258721a http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da Architecture independent components: http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb Size/MD5 checksum: 1521850 75d23c7c54094b1d25d3b708fd644407 http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb Size/MD5 checksum: 1547874 c6881b25e3a5967e0f6f9c351fb88962 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb Size/MD5 checksum: 1014564 0e89364c2816f5f4519256a8ea367ab6 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb Size/MD5 checksum: 1785490 c66cef9e87d9a89caeee02af31e3c96d http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb Size/MD5 checksum: 25902158 321403201a198371fd55c9b8ac4583f7 Sun Sparc architecture: http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb Size/MD5 checksum: 3923058 db7bbd997410667bec4ac713d81d60ea http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb Size/MD5 checksum: 4044796 106fcb86485531d96b4fdada61b71405 http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb Size/MD5 checksum: 3831424 347b0c290989f0cc99f3b336c156f61d http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb Size/MD5 checksum: 3952220 f7dd8326c0ae0b0dee7c46e24023d0a2 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb Size/MD5 checksum: 3890804 7348a8cd3961190aa2a19f562c96fe2f http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb Size/MD5 checksum: 2080618 d52d00e7097ae0c8f4ccb6f34656361d http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb Size/MD5 checksum: 2080830 db7141d3c0d86a43659176f974599cc2 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb Size/MD5 checksum: 15816 c31e3b72d6eac6f3f99f75ea838e0bf9 These files will probably be moved into the stable distribution on its next update

Trust: 3.24

sources: NVD: CVE-2004-0554 // CERT/CC: VU#973654 // JVNDB: JVNDB-2004-000225 // BID: 10538 // BID: 10566 // VULHUB: VHN-8984 // PACKETSTORM: 46506 // PACKETSTORM: 46508 // PACKETSTORM: 46509

AFFECTED PRODUCTS

vendor:	suse	model:	linux	scope:	eq	version:	8.1	Trust: 2.2
vendor:	suse	model:	linux	scope:	eq	version:	8.0	Trust: 2.2
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.6	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.5	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.4	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.3	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.2	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.1	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.26	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.25	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.24	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.23	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.22	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.21	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.19	Trust: 1.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.18	Trust: 1.6
vendor:	gentoo	model:	linux	scope:	eq	version:	1.4	Trust: 1.6
vendor:	avaya	model:	converged communications server	scope:	eq	version:	2.0	Trust: 1.6
vendor:	suse	model:	linux	scope:	eq	version:	8	Trust: 1.6
vendor:	suse	model:	linux	scope:	eq	version:	7	Trust: 1.6
vendor:	suse	model:	linux	scope:	eq	version:	9.1	Trust: 1.3
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.7	Trust: 1.3
vendor:	suse	model:	email server	scope:	eq	version:	3.1	Trust: 1.0
vendor:	avaya	model:	s8500	scope:	eq	version:	r2.0.0	Trust: 1.0
vendor:	avaya	model:	modular messaging message storage server	scope:	eq	version:	s3400	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	3.0	Trust: 1.0
vendor:	avaya	model:	intuity audix	scope:	eq	version:	*	Trust: 1.0
vendor:	suse	model:	office server	scope:	eq	version:	*	Trust: 1.0
vendor:	suse	model:	linux connectivity server	scope:	eq	version:	*	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	2.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	suse	model:	linux office server	scope:	eq	version:	*	Trust: 1.0
vendor:	avaya	model:	s8300	scope:	eq	version:	r2.0.0	Trust: 1.0
vendor:	avaya	model:	s8700	scope:	eq	version:	r2.0.0	Trust: 1.0
vendor:	suse	model:	linux	scope:	eq	version:	8.2	Trust: 1.0
vendor:	avaya	model:	s8500	scope:	eq	version:	r2.0.1	Trust: 1.0
vendor:	suse	model:	email server	scope:	eq	version:	iii	Trust: 1.0
vendor:	suse	model:	linux database server	scope:	eq	version:	*	Trust: 1.0
vendor:	conectiva	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	suse	model:	linux firewall cd	scope:	eq	version:	*	Trust: 1.0
vendor:	conectiva	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	suse	model:	linux admin-cd for firewall	scope:	eq	version:	*	Trust: 1.0
vendor:	suse	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	avaya	model:	s8300	scope:	eq	version:	r2.0.1	Trust: 1.0
vendor:	avaya	model:	s8700	scope:	eq	version:	r2.0.1	Trust: 1.0
vendor:	conectiva	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	guardian digital	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mandrakesoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	slackware	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	trustix secure linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.1	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	7	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	8	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	s u s e	model:	linux office server	scope:	-	version:	-	Trust: 0.6
vendor:	s u s e	model:	linux firewall on cd	scope:	-	version:	-	Trust: 0.6
vendor:	s u s e	model:	linux database server	scope:	eq	version:	0	Trust: 0.6
vendor:	s u s e	model:	linux connectivity server	scope:	-	version:	-	Trust: 0.6
vendor:	s u s e	model:	linux admin-cd for firewall	scope:	-	version:	-	Trust: 0.6
vendor:	linux	model:	kernel rc1	scope:	eq	version:	2.6.7	Trust: 0.6
vendor:	linux	model:	kernel rc1	scope:	eq	version:	2.6.6	Trust: 0.6
vendor:	linux	model:	kernel -rc2	scope:	eq	version:	2.6.1	Trust: 0.6
vendor:	linux	model:	kernel -rc1	scope:	eq	version:	2.6.1	Trust: 0.6
vendor:	linux	model:	kernel	scope:	eq	version:	2.6	Trust: 0.6
vendor:	avaya	model:	s8700 r2.0.1	scope:	-	version:	-	Trust: 0.6
vendor:	avaya	model:	s8700 r2.0.0	scope:	-	version:	-	Trust: 0.6
vendor:	avaya	model:	s8500 r2.0.1	scope:	-	version:	-	Trust: 0.6
vendor:	avaya	model:	s8500 r2.0.0	scope:	-	version:	-	Trust: 0.6
vendor:	avaya	model:	s8300 r2.0.1	scope:	-	version:	-	Trust: 0.6
vendor:	avaya	model:	s8300 r2.0.0	scope:	-	version:	-	Trust: 0.6
vendor:	avaya	model:	s3400 message application server	scope:	eq	version:	0	Trust: 0.6
vendor:	avaya	model:	intuity lx	scope:	-	version:	-	Trust: 0.6
vendor:	tinysofa	model:	enterprise server -u1	scope:	eq	version:	1.0	Trust: 0.3
vendor:	tinysofa	model:	enterprise server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	suse	model:	linux	scope:	eq	version:	9	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake ppc	scope:	eq	version:	9.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.1	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	2.1	Trust: 0.3
vendor:	linux	model:	kernel	scope:	eq	version:	2.4.20	Trust: 0.3
vendor:	engarde	model:	secure professional	scope:	eq	version:	1.5	Trust: 0.3
vendor:	engarde	model:	secure community	scope:	eq	version:	2.0	Trust: 0.3
vendor:	tinysofa	model:	enterprise server -u2	scope:	ne	version:	1.0	Trust: 0.3
vendor:	linux	model:	kernel	scope:	ne	version:	2.6.7	Trust: 0.3
vendor:	linux	model:	kernel	scope:	ne	version:	2.2.19	Trust: 0.3
vendor:	gentoo	model:	linux kernel pre6-gentoo	scope:	ne	version:	2.4.26	Trust: 0.3
vendor:	gentoo	model:	linux kernel -rc3-gentoo	scope:	ne	version:	2.4.26	Trust: 0.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.1	Trust: 0.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.0	Trust: 0.3
vendor:	trustix	model:	secure enterprise linux	scope:	eq	version:	2.0	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	8	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	7	Trust: 0.3
vendor:	suse	model:	linux i386	scope:	eq	version:	8.0	Trust: 0.3
vendor:	s u s e	model:	suse email server iii	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	suse email server	scope:	eq	version:	3.1	Trust: 0.3
vendor:	s u s e	model:	office server	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.1	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	8.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux ppc	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	3.0	Trust: 0.3

sources: CERT/CC: VU#973654 // BID: 10538 // BID: 10566 // JVNDB: JVNDB-2004-000225 // CNNVD: CNNVD-200408-053 // NVD: CVE-2004-0554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0554
value:	LOW
Trust: 1.0
CARNEGIE MELLON:	VU#973654
value:	11.81
Trust: 0.8
NVD:	CVE-2004-0554
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200408-053
value:	LOW
Trust: 0.6
VULHUB:	VHN-8984
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2004-0554
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8984
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#973654 // VULHUB: VHN-8984 // JVNDB: JVNDB-2004-000225 // CNNVD: CNNVD-200408-053 // NVD: CVE-2004-0554

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0554

THREAT TYPE

local

Trust: 1.2

sources: BID: 10538 // BID: 10566 // CNNVD: CNNVD-200408-053

TYPE

Unknown

Trust: 0.9

sources: BID: 10566 // CNNVD: CNNVD-200408-053

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000225

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-8984

PATCH

title:	kernel_30	url:	http://www.miraclelinux.com/support/update/data/kernel_30.html	Trust: 0.8
title:	kernel_se20	url:	http://www.miraclelinux.com/support/update/data/kernel_se20.html	Trust: 0.8
title:	RHSA-2004:260	url:	https://rhn.redhat.com/errata/RHSA-2004-260.html	Trust: 0.8
title:	RHSA-2004:255	url:	https://rhn.redhat.com/errata/RHSA-2004-255.html	Trust: 0.8
title:	TLSA-2004-18	url:	http://www.turbolinux.com/security/2004/TLSA-2004-18.txt	Trust: 0.8
title:	RHSA-2004:260	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-260J.html	Trust: 0.8
title:	RHSA-2004:255	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-255J.html	Trust: 0.8
title:	TLSA-2004-18	url:	http://www.turbolinux.co.jp/security/2004/TLSA-2004-18j.txt	Trust: 0.8

sources: JVNDB: JVNDB-2004-000225

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0554	Trust: 3.4
db:	CERT/CC	id:	VU#973654	Trust: 3.3
db:	BID	id:	10538	Trust: 2.8
db:	SECUNIA	id:	20202	Trust: 1.7
db:	SECUNIA	id:	20338	Trust: 1.7
db:	SECUNIA	id:	20162	Trust: 1.7
db:	SECUNIA	id:	20163	Trust: 1.7
db:	SECUNIA	id:	11861	Trust: 1.6
db:	XF	id:	16412	Trust: 1.4
db:	JVNDB	id:	JVNDB-2004-000225	Trust: 0.8
db:	CNNVD	id:	CNNVD-200408-053	Trust: 0.7
db:	DEBIAN	id:	DSA-1069	Trust: 0.6
db:	DEBIAN	id:	DSA-1070	Trust: 0.6
db:	DEBIAN	id:	DSA-1082	Trust: 0.6
db:	DEBIAN	id:	DSA-1067	Trust: 0.6
db:	REDHAT	id:	RHSA-2004:255	Trust: 0.6
db:	REDHAT	id:	RHSA-2004:260	Trust: 0.6
db:	MANDRAKE	id:	MDKSA-2004:062	Trust: 0.6
db:	CONECTIVA	id:	CLA-2004:845	Trust: 0.6
db:	BUGTRAQ	id:	20040620 TSSA-2004-011 - KERNEL	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:9426	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:2915	Trust: 0.6
db:	SUSE	id:	SUSE-SA:2004:017	Trust: 0.6
db:	TRUSTIX	id:	2004-0034	Trust: 0.6
db:	FEDORA	id:	FEDORA-2004-186	Trust: 0.6
db:	GENTOO	id:	GLSA-200407-02	Trust: 0.6
db:	ENGARDE	id:	ESA-20040621-005	Trust: 0.6
db:	MLIST	id:	[LINUX-KERNEL] 20040609 TIMER + FPU STUFF LOCKS MY CONSOLE RACE	Trust: 0.6
db:	BID	id:	10566	Trust: 0.3
db:	EXPLOIT-DB	id:	306	Trust: 0.1
db:	VULHUB	id:	VHN-8984	Trust: 0.1
db:	PACKETSTORM	id:	46506	Trust: 0.1
db:	PACKETSTORM	id:	46508	Trust: 0.1
db:	PACKETSTORM	id:	46509	Trust: 0.1

sources: CERT/CC: VU#973654 // VULHUB: VHN-8984 // BID: 10538 // BID: 10566 // JVNDB: JVNDB-2004-000225 // PACKETSTORM: 46506 // PACKETSTORM: 46508 // PACKETSTORM: 46509 // CNNVD: CNNVD-200408-053 // NVD: CVE-2004-0554

REFERENCES

url:	http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html	Trust: 2.8
url:	http://www.securityfocus.com/bid/10538	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/973654	Trust: 2.5
url:	http://www.debian.org/security/2006/dsa-1067	Trust: 1.7
url:	http://www.debian.org/security/2006/dsa-1069	Trust: 1.7
url:	http://www.debian.org/security/2006/dsa-1070	Trust: 1.7
url:	http://www.debian.org/security/2006/dsa-1082	Trust: 1.7
url:	http://lwn.net/articles/91155/	Trust: 1.7
url:	http://security.gentoo.org/glsa/glsa-200407-02.xml	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdksa-2004:062	Trust: 1.7
url:	http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2004-255.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2004-260.html	Trust: 1.7
url:	http://secunia.com/advisories/20162	Trust: 1.7
url:	http://secunia.com/advisories/20163	Trust: 1.7
url:	http://secunia.com/advisories/20202	Trust: 1.7
url:	http://secunia.com/advisories/20338	Trust: 1.7
url:	http://www.novell.com/linux/security/advisories/2004_17_kernel.html	Trust: 1.7
url:	http://www.trustix.net/errata/2004/0034/	Trust: 1.7
url:	http://secunia.com/advisories/11861/	Trust: 1.6
url:	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845	Trust: 1.6
url:	http://xforce.iss.net/xforce/xfdb/16412	Trust: 1.4
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2915	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9426	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16412	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108786114032681&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=108793699910896&w=2	Trust: 1.0
url:	http://marc.info/?l=linux-kernel&m=108681568931323&w=2	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0554	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0554	Trust: 0.8
url:	http://rhn.redhat.com/errata/rhsa-2004-255.html	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:9426	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108793699910896&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108786114032681&w=2	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2915	Trust: 0.6
url:	http://rhn.redhat.com/errata/rhsa-2004-260.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2004-327.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2005-0489	Trust: 0.3
url:	http://www.debian.org/security/faq	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0394	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0427	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0554	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0447	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2005-0124	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2005-0001	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0997	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0565	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-1333	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2003-0984	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0949	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0883	Trust: 0.3
url:	http://packages.debian.org/<pkg>	Trust: 0.3
url:	http://security.debian.org/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0685	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-1016	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2005-0528	Trust: 0.3
url:	http://www.debian.org/security/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-1017	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2004-1335	Trust: 0.3
url:	http://secunia.com/	Trust: 0.2
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.2
url:	http://marc.info/?l=bugtraq&m=108786114032681&w=2	Trust: 0.1
url:	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=108793699910896&w=2	Trust: 0.1
url:	http://marc.info/?l=linux-kernel&m=108681568931323&w=2	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody3_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419woody1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb	Trust: 0.1

CREDITS

Alexander Viro

Trust: 0.6

sources: CNNVD: CNNVD-200408-053

SOURCES

db:	CERT/CC	id:	VU#973654
db:	VULHUB	id:	VHN-8984
db:	BID	id:	10538
db:	BID	id:	10566
db:	JVNDB	id:	JVNDB-2004-000225
db:	PACKETSTORM	id:	46506
db:	PACKETSTORM	id:	46508
db:	PACKETSTORM	id:	46509
db:	CNNVD	id:	CNNVD-200408-053
db:	NVD	id:	CVE-2004-0554

LAST UPDATE DATE

2024-09-17T22:53:51.514000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#973654	date:	2004-08-23T00:00:00
db:	VULHUB	id:	VHN-8984	date:	2017-10-11T00:00:00
db:	BID	id:	10538	date:	2010-08-05T19:46:00
db:	BID	id:	10566	date:	2007-01-17T21:30:00
db:	JVNDB	id:	JVNDB-2004-000225	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200408-053	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0554	date:	2017-10-11T01:29:28.200

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#973654	date:	2004-06-15T00:00:00
db:	VULHUB	id:	VHN-8984	date:	2004-08-06T00:00:00
db:	BID	id:	10538	date:	2004-06-14T00:00:00
db:	BID	id:	10566	date:	2004-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2004-000225	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	46506	date:	2006-05-22T06:29:12
db:	PACKETSTORM	id:	46508	date:	2006-05-22T06:33:40
db:	PACKETSTORM	id:	46509	date:	2006-05-22T06:34:27
db:	CNNVD	id:	CNNVD-200408-053	date:	2004-06-18T00:00:00
db:	NVD	id:	CVE-2004-0554	date:	2004-08-06T04:00:00