CVE-2004-1072

7 documents5 sources

Severity

7.2HIGH

EPSS

0.1%

top 78.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat Enterprise Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedJan 10

Latest updateMay 3

Description

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages7 packages

▶NVDlinux/linux_kernel41 versions+40

▶NVDsuse/suse_linux7 versions+6

▶NVDtrustix/secure_linux4 versions+3

▶NVDturbolinux/turbolinux_server10.0

▶NVDredhat/enterprise_linux_desktop3.0

Also affects: Enterprise Linux 2.1, 3.0

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-7p9x-fr92-xwxr: The binfmt_elf loader (binfmt_elf↗2022-05-03

▶

CVEList

CVE-2004-1072: The binfmt_elf loader (binfmt_elf↗2004-12-01

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-11-10

▶

💬Community

Bugzilla

CVE-2004-1072 security flaw↗2018-08-16

▶

Bugzilla

CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)↗2004-10-06

▶

Bugzilla

CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)↗2004-10-06

▶