ID

VAR-200407-0196


CVE

CVE-2004-0565


TITLE

Linux Kernel In FPH Vulnerabilities that do not check the process that owns

Trust: 0.8

sources: JVNDB: JVNDB-2004-000211

DESCRIPTION

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Linux In the kernel, context switch code is used to switch computation processing between threads. Also, ia64 In architecture, FPH ( High-order register of floating point register ) Change information to user mask (UM) In the register MFH Store in register. this FPH If the register is changed, MFH A bit is set in the register. Local attackers who exploit this issue MFH It is possible to read the register values of other processes by creating a program that sets the bits. Also, ia64 In architecture Linux Kernel 2.4.x In certain circumstances, a local attacker could cause a kernel panic, resulting in a system out of service (CAN-2004-0447) Has been reported, but it is unknown at present. still, ia64 Other architectures are not affected by these issues.Please refer to the “Overview” for the impact of this vulnerability. The Linux kernel is reported prone to a data-disclosure vulnerability. Reportedly, this issue may permit a malicious executable to access the contents of floating-point registers that belong to another process. Linux is an open source operating system. Opened by (Arun Sharma) on 2004-05-28 17:46 Description of problem: Linux 2.4.x and the SLES9/ia64 kernels have a floating point leak. Version-Release number of selected component (if applicable): 2.4.21-12.EL. How reproducible: Run N (= number of cpus) copies of the program secret and one copy of the program check. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1069-1 security@debian.org http://www.debian.org/security/ Martin Schulze, Dann Frazier May 20th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh Vulnerability : several Problem-Type : local/remote Debian-specific: no CVE IDs : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. CVE-2004-0394 A buffer overflow in the panic handling code has been found. CVE-2004-0447 A local denial of service vulnerability through a null pointer dereference in the IA64 process handling code has been found. CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service of information disclosure. CVE-2004-0949 An information leak discovered in the SMB filesystem code. CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. CVE-2005-0528 A local privilege escalation in the mremap function has been found CVE-2003-0984 Inproper initialization of the RTC may disclose information. CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. CVE-2004-1073 The open_exec function may disclose information. CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. The following matrix explains which kernel version for which architecture fix the problems mentioned above: Debian 3.0 (woody) Source 2.4.18-14.4 Alpha architecture 2.4.18-15woody1 Intel IA-32 architecture 2.4.18-13.2 HP Precision architecture 62.4 PowerPC architecture 2.4.18-1woody6 PowerPC architecture/XFS 20020329woody1 PowerPC architecture/benh 20020304woody1 Sun Sparc architecture 22woody1 We recommend that you upgrade your kernel package immediately and reboot the machine. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get dist-upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEb9YGXm3vHE4uyloRAkhXAJ0e1RmUxVZSbQICFa/j07oKPfWRVwCeMrhj wYGegwosZg6xi3oI77opLQY= =eu/T -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc Size/MD5 checksum: 692 27f44a0eec5837b0b01d26c6cff392be http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz Size/MD5 checksum: 27768 6c719a6343c9ea0dad44a736b3842504 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc Size/MD5 checksum: 792 d7c89c90fad77944ca1c5a18327f31dd http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz Size/MD5 checksum: 1013866 21b4b677a7a319442c8fe8a4c72eb4c2 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc Size/MD5 checksum: 672 4c353db091e8edc4395e46cf8d39ec42 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz Size/MD5 checksum: 71071 7012adde9ba9a573e1be66f0d258721a http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz Size/MD5 checksum: 32000211 237896fbb45ae652cc9c5cecc9b746da Architecture independent components: http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb Size/MD5 checksum: 1521850 75d23c7c54094b1d25d3b708fd644407 http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb Size/MD5 checksum: 1547874 c6881b25e3a5967e0f6f9c351fb88962 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb Size/MD5 checksum: 1014564 0e89364c2816f5f4519256a8ea367ab6 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb Size/MD5 checksum: 1785490 c66cef9e87d9a89caeee02af31e3c96d http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb Size/MD5 checksum: 25902158 321403201a198371fd55c9b8ac4583f7 Sun Sparc architecture: http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb Size/MD5 checksum: 3923058 db7bbd997410667bec4ac713d81d60ea http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb Size/MD5 checksum: 4044796 106fcb86485531d96b4fdada61b71405 http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb Size/MD5 checksum: 3831424 347b0c290989f0cc99f3b336c156f61d http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb Size/MD5 checksum: 3952220 f7dd8326c0ae0b0dee7c46e24023d0a2 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb Size/MD5 checksum: 3890804 7348a8cd3961190aa2a19f562c96fe2f http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb Size/MD5 checksum: 2080618 d52d00e7097ae0c8f4ccb6f34656361d http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb Size/MD5 checksum: 2080830 db7141d3c0d86a43659176f974599cc2 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb Size/MD5 checksum: 15816 c31e3b72d6eac6f3f99f75ea838e0bf9 These files will probably be moved into the stable distribution on its next update

Trust: 2.34

sources: NVD: CVE-2004-0565 // JVNDB: JVNDB-2004-000211 // BID: 10687 // VULHUB: VHN-8995 // PACKETSTORM: 33773 // PACKETSTORM: 46506 // PACKETSTORM: 46508 // PACKETSTORM: 46509

AFFECTED PRODUCTS

vendor:mandrakesoftmodel:mandrake linux corporate serverscope:eqversion:2.1

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:10.0

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:9.2

Trust: 1.6

vendor:trustixmodel:secure linuxscope:eqversion:2.1

Trust: 1.3

vendor:trustixmodel:secure linuxscope:eqversion:2.0

Trust: 1.3

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:9.1

Trust: 1.0

vendor:trustixmodel:secure linuxscope:eqversion:2

Trust: 1.0

vendor:gentoomodel:linuxscope:eqversion:*

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:2.4.0

Trust: 1.0

vendor:mandrakesoftmodel:mandrake multi network firewallscope:eqversion:8.2

Trust: 1.0

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:trustixmodel:secure enterprise linuxscope:eqversion:2.0

Trust: 0.3

vendor:redhatmodel:enterprise linux ws ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux es ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux as ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:advanced workstation for the itanium processor ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:advanced workstation for the itanium processorscope:eqversion:2.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake amd64scope:eqversion:10.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:10.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake amd64scope:eqversion:9.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:9.2

Trust: 0.3

vendor:mandrivamodel:linux mandrake ppcscope:eqversion:9.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:9.1

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:2.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:2.1

Trust: 0.3

vendor:linuxmodel:kernel -pre2scope:eqversion:2.4.27

Trust: 0.3

vendor:linuxmodel:kernel -pre1scope:eqversion:2.4.27

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.26

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.25

Trust: 0.3

vendor:linuxmodel:kernel -ow1scope:eqversion:2.4.24

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.24

Trust: 0.3

vendor:linuxmodel:kernel -pre9scope:eqversion:2.4.23

Trust: 0.3

vendor:linuxmodel:kernel -ow2scope:eqversion:2.4.23

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.23

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.22

Trust: 0.3

vendor:linuxmodel:kernel pre7scope:eqversion:2.4.21

Trust: 0.3

vendor:linuxmodel:kernel pre4scope:eqversion:2.4.21

Trust: 0.3

vendor:linuxmodel:kernel pre1scope:eqversion:2.4.21

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.21

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.20

Trust: 0.3

vendor:linuxmodel:kernel -pre6scope:eqversion:2.4.19

Trust: 0.3

vendor:linuxmodel:kernel -pre5scope:eqversion:2.4.19

Trust: 0.3

vendor:linuxmodel:kernel -pre4scope:eqversion:2.4.19

Trust: 0.3

vendor:linuxmodel:kernel -pre3scope:eqversion:2.4.19

Trust: 0.3

vendor:linuxmodel:kernel -pre2scope:eqversion:2.4.19

Trust: 0.3

vendor:linuxmodel:kernel -pre1scope:eqversion:2.4.19

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.19

Trust: 0.3

vendor:linuxmodel:kernel pre-8scope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernel pre-7scope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernel pre-6scope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernel pre-5scope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernel pre-4scope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernel pre-3scope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernel pre-2scope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernel pre-1scope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.18x86

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.18

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.17

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.16

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.15

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.14

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.13

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.12

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.11

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.10

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.9

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.8

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.7

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.6

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.5

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.4

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.3

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.2

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4.1

Trust: 0.3

vendor:linuxmodel:kernel .0-test9scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test8scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test7scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test6scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test5scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test4scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test3scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test2scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test12scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test11scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test10scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernel .0-test1scope:eqversion:2.4

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux ppcscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:3.0

Trust: 0.3

sources: BID: 10687 // JVNDB: JVNDB-2004-000211 // CNNVD: CNNVD-200412-044 // NVD: CVE-2004-0565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0565
value: LOW

Trust: 1.0

NVD: CVE-2004-0565
value: LOW

Trust: 0.8

CNNVD: CNNVD-200412-044
value: LOW

Trust: 0.6

VULHUB: VHN-8995
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2004-0565
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8995
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8995 // JVNDB: JVNDB-2004-000211 // CNNVD: CNNVD-200412-044 // NVD: CVE-2004-0565

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0565

THREAT TYPE

local

Trust: 0.9

sources: BID: 10687 // CNNVD: CNNVD-200412-044

TYPE

Design Error

Trust: 0.9

sources: BID: 10687 // CNNVD: CNNVD-200412-044

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000211

PATCH

title:RHSA-2004:504url:https://rhn.redhat.com/errata/RHSA-2004-504.html

Trust: 0.8

title:RHSA-2004:413url:https://rhn.redhat.com/errata/RHSA-2004-413.html

Trust: 0.8

title:RHSA-2004:689url:https://rhn.redhat.com/errata/RHSA-2004-689.html

Trust: 0.8

title:RHSA-2004:689url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-689J.html

Trust: 0.8

title:RHSA-2004:504url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-504J.html

Trust: 0.8

title:RHSA-2004:413url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-413J.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000211

EXTERNAL IDS

db:NVDid:CVE-2004-0565

Trust: 3.2

db:BIDid:10687

Trust: 2.8

db:SECUNIAid:20202

Trust: 1.7

db:SECUNIAid:20338

Trust: 1.7

db:SECUNIAid:20162

Trust: 1.7

db:SECUNIAid:20163

Trust: 1.7

db:XFid:16644

Trust: 1.4

db:BIDid:10783

Trust: 0.8

db:JVNDBid:JVNDB-2004-000211

Trust: 0.8

db:CNNVDid:CNNVD-200412-044

Trust: 0.7

db:DEBIANid:DSA-1069

Trust: 0.6

db:DEBIANid:DSA-1067

Trust: 0.6

db:DEBIANid:DSA-1070

Trust: 0.6

db:DEBIANid:DSA-1082

Trust: 0.6

db:XFid:64

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:10714

Trust: 0.6

db:REDHATid:RHSA-2004:504

Trust: 0.6

db:MANDRAKEid:MDKSA-2004:066

Trust: 0.6

db:MLISTid:[OWL-USERS] 20040619 LINUX 2.4.26-OW2

Trust: 0.6

db:PACKETSTORMid:33773

Trust: 0.2

db:VULHUBid:VHN-8995

Trust: 0.1

db:PACKETSTORMid:46506

Trust: 0.1

db:PACKETSTORMid:46508

Trust: 0.1

db:PACKETSTORMid:46509

Trust: 0.1

sources: VULHUB: VHN-8995 // BID: 10687 // JVNDB: JVNDB-2004-000211 // PACKETSTORM: 33773 // PACKETSTORM: 46506 // PACKETSTORM: 46508 // PACKETSTORM: 46509 // CNNVD: CNNVD-200412-044 // NVD: CVE-2004-0565

REFERENCES

url:http://www.securityfocus.com/bid/10687

Trust: 2.5

url:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734

Trust: 2.0

url:http://www.debian.org/security/2006/dsa-1067

Trust: 1.7

url:http://www.debian.org/security/2006/dsa-1069

Trust: 1.7

url:http://www.debian.org/security/2006/dsa-1070

Trust: 1.7

url:http://www.debian.org/security/2006/dsa-1082

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdksa-2004:066

Trust: 1.7

url:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2004-504.html

Trust: 1.7

url:http://secunia.com/advisories/20162

Trust: 1.7

url:http://secunia.com/advisories/20163

Trust: 1.7

url:http://secunia.com/advisories/20202

Trust: 1.7

url:http://secunia.com/advisories/20338

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/16644

Trust: 1.4

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10714

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16644

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0565

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0565

Trust: 0.8

url:http://www.securityfocus.com/bid/10783

Trust: 0.8

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10714

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2004-0565

Trust: 0.4

url:http://rhn.redhat.com/errata/rhsa-2004-504.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2005-0489

Trust: 0.3

url:http://www.debian.org/security/faq

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0394

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0427

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0554

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0447

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2005-0124

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2005-0001

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0997

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-1333

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2003-0984

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0949

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0883

Trust: 0.3

url:http://packages.debian.org/<pkg>

Trust: 0.3

url:http://security.debian.org/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0685

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-1016

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2005-0528

Trust: 0.3

url:http://www.debian.org/security/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-1017

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-1335

Trust: 0.3

url:http://secunia.com/

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody3_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419woody1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb

Trust: 0.1

sources: VULHUB: VHN-8995 // BID: 10687 // JVNDB: JVNDB-2004-000211 // PACKETSTORM: 33773 // PACKETSTORM: 46506 // PACKETSTORM: 46508 // PACKETSTORM: 46509 // CNNVD: CNNVD-200412-044 // NVD: CVE-2004-0565

CREDITS

Arun Sharma

Trust: 0.7

sources: PACKETSTORM: 33773 // CNNVD: CNNVD-200412-044

SOURCES

db:VULHUBid:VHN-8995
db:BIDid:10687
db:JVNDBid:JVNDB-2004-000211
db:PACKETSTORMid:33773
db:PACKETSTORMid:46506
db:PACKETSTORMid:46508
db:PACKETSTORMid:46509
db:CNNVDid:CNNVD-200412-044
db:NVDid:CVE-2004-0565

LAST UPDATE DATE

2024-11-11T22:55:03.082000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-8995date:2017-10-11T00:00:00
db:BIDid:10687date:2007-01-17T21:30:00
db:JVNDBid:JVNDB-2004-000211date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200412-044date:2005-10-20T00:00:00
db:NVDid:CVE-2004-0565date:2017-10-11T01:29:28.480

SOURCES RELEASE DATE

db:VULHUBid:VHN-8995date:2004-12-06T00:00:00
db:BIDid:10687date:2004-07-09T00:00:00
db:JVNDBid:JVNDB-2004-000211date:2007-04-01T00:00:00
db:PACKETSTORMid:33773date:2004-07-12T17:36:00
db:PACKETSTORMid:46506date:2006-05-22T06:29:12
db:PACKETSTORMid:46508date:2006-05-22T06:33:40
db:PACKETSTORMid:46509date:2006-05-22T06:34:27
db:CNNVDid:CNNVD-200412-044date:2004-07-09T00:00:00
db:NVDid:CVE-2004-0565date:2004-12-06T05:00:00