CVE-2004-2004: Misinterpretation of Input in Linux

Severity: 10.0 CRITICAL (NVD)
EPSS: 0.9% (top 23.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 6
Latest update: Mar 27

Description

The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-3xv5-7mgj-868h: The Live CD in SUSE LINUX 9 (2022-04-29)
CVEList
CVE-2004-2004: The Live CD in SUSE LINUX 9 (2005-05-10)

💥 Exploits & PoCs (23)

Exploit-DB
Webby WebServer - Overflow (SEH) (PoC) (2010-05-25)
Exploit-DB
vSpin Classified System 2004 - 'cat.asp?catname' Cross-Site Scripting (2006-11-20)
Exploit-DB
Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution (2004-12-23)
Exploit-DB
phpMyChat 0.14.5 - Remote Improper File Permissions (2004-12-22)
Exploit-DB
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scripting (2004-12-13)

📋 Vendor Advisories (2)

Red Hat
curl: Usage of disabled protocol (2024-03-27)
Red Hat
security flaw (2004-12-08)

💬 Community (11)

Bugzilla
CVE-2004-0007 security flaw (2018-08-16)
Bugzilla
CVE-2004-1453 security flaw (2018-08-16)
Bugzilla
CVE-2004-0521 security flaw (2018-08-16)
Bugzilla
CVE-2004-1141 security flaw (2018-08-16)
Bugzilla
CVE-2004-1138 security flaw (2018-08-16)