Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0497

6 documents6 sources

Severity

2.1LOW

EPSS

0.3%

top 46.14%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Conectiva Linux Linux Linux Kernel Mandrakesoft Mandrake Linux +5 more

Timeline

PublishedDec 6

Latest updateApr 29

Description

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages7 packages

▶NVDlinux/linux_kernel2.0

▶NVDconectiva/linux10

▶NVDsuse/suse_linux5 versions+4

▶NVDtrustix/secure_linux2, 2.0, 2.1+2

▶NVDmandrakesoft/mandrake_linux10.0, 9.1, 9.2+2

Also affects: Enterprise Linux 2.1, 3.0

Patches

Patch: distro.conectiva.com.br ↗Patch: www.mandrakesecure.net ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-3975-v726-f8hr: Unknown vulnerability in Linux kernel 2↗2022-04-29

▶

CVEList

CVE-2004-0497: Unknown vulnerability in Linux kernel 2↗2004-07-06

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation↗2004-12-24

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-06-30

▶

💬Community

Bugzilla

CVE-2004-0497 security flaw↗2018-08-16

▶