Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1073

13 documents6 sources

Severity

2.1LOW

EPSS

0.3%

top 44.03%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel Redhat Enterprise Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedJan 10

Latest updateApr 29

Description

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages7 packages

▶NVDlinux/linux_kernel41 versions+40

▶NVDsuse/suse_linux7 versions+6

▶NVDtrustix/secure_linux4 versions+3

▶NVDturbolinux/turbolinux_server10.0

▶NVDredhat/enterprise_linux_desktop3.0

Also affects: Enterprise Linux 2.1, 3.0

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-g2v4-66wh-fj69: The open_exec function in the execve functionality (exec↗2022-04-29

▶

CVEList

CVE-2004-1073: The open_exec function in the execve functionality (exec↗2004-12-01

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read↗2004-11-10

▶

📋Vendor Advisories

Red Hat

core-dumping unreadable binaries via PT_INTERP↗2007-01-26

▶

Red Hat

security flaw↗2004-11-10

▶

💬Community

Bugzilla

CVE-2004-1073 security flaw↗2018-08-16

▶

Bugzilla

CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP↗2007-06-08

▶

Bugzilla

CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP↗2007-02-23

▶

Bugzilla

CVE-2004-1073 looks unfixed in RHEL2.1-ia64↗2005-03-30

▶

Bugzilla

CVE-2004-1073 looks unfixed in RHEL2.1↗2005-03-30

▶