CVE-2004-1337

5 documents5 sources

Severity

7.2HIGH

EPSS

0.0%

top 85.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Conectiva Linux GNU Realtime Linux Security Module Ubuntu Ubuntu Linux

Timeline

PublishedDec 23

Latest updateApr 29

Description

The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDgnu/realtime_linux_security_module0.8.7

▶NVDconectiva/linux10.0

Also affects: Ubuntu Linux 4.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-q8ph-984x-fqwc: The POSIX Capability Linux Security Module (LSM) for Linux kernel 2↗2022-04-29

▶

CVEList

CVE-2004-1337: The POSIX Capability Linux Security Module (LSM) for Linux kernel 2↗2005-01-06

▶

💥Exploits & PoCs

Exploit-DB

Protector System 1.15 b1 - 'index.php' SQL Injection↗2004-04-23

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2005-01-09

▶