CVE-2004-1137
Published 2005-01-10
Priority: P3 · 47 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 20.82% (97.2th percentile)
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
Affected
43 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
CVSS provenance
nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 CRITICAL
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2004-12-15
CAN-2004-0814:
Vitaly V. Bursov discovered a Denial of Service vulnerability in the "serio"
code; opening the same tty device twice and doing some particular operations on
it caused a kernel panic and/or a system lockup.
Fixing this vulnerability required a change in the Application Binary
Interface (ABI) of the kernel. This means that third party user installed
modules might not work any more with the new kernel, so this fixed kernel got
a new ABI version number. You have to recompile and reinstall all third party
modules.
CAN-2004-1016:
Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send"
function which handles the sending of UDP network packets. A wrong validity
check of the cmsghdr s
Red Hat
security flaw
vendor_redhat · 2004-12-14 · CVSS 10.0 [CRITICAL]
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
GHSA
GHSA-vqwc-f978-m55f: Multiple vulnerabilities in the IGMP functionality for Linux kernel 2
ghsa_unreviewed·2022-04-29
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
No detection rules found.
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
http://isec.pl/vulnerabilities/isec-0018-igmp.txt
http://marc.info/?l=bugtraq&m=110306397320336&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
http://www.redhat.com/support/errata/RHSA-2005-092.html
https://bugzilla.fedora.us/show_bug.cgi?id=2336
https://exchange.xforce.ibmcloud.com/vulnerabilities/18481
https://exchange.xforce.ibmcloud.com/vulnerabilities/18482
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11144
Published: 2005-01-10