CVE-2004-2408 — Linux-vserver vulnerability

3 documents3 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 79.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vserver Linux-vserver

Timeline

PublishedDec 31

Latest updateApr 29

Description

Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

▶NVDvserver/linux-vserver19 versions+18

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-76vx-9pqq-3vp9: Linux VServer 1↗2022-04-29

▶

CVEList

CVE-2004-2408: Linux VServer 1↗2005-08-18

▶