PT-2004-3732 · Linux · Linux Kernel
Published 1970-01-01 · Updated 2017-10-11 · CVE-2004-1070
CVSS v2.0: 7.2 (High), the NVD base score for CVE-2004-1070; the flaw is local, so the access vector is AV:L, not AV:N
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel 2.4.x, versions up to and including 2.4.27
Linux kernel 2.6.x, versions up to and including 2.6.8
Description
The load_elf_binary() function in the kernel's ELF loader (fs/binfmt_elf.c) uses kernel_read() to pull the program headers, the interpreter path and the interpreter's own ELF header out of the executable, but the affected versions do not check the values those calls return. A short or failed read therefore goes unnoticed and the loader carries on with buffers that were only partly filled, so later stages of the load operate on stale data. Because the same loader runs for setuid executables, this may allow local users to modify sensitive memory in a setuid program and execute arbitrary code with its privileges. The flaw is local: it requires the ability to execute programs on the affected system and is not reachable over the network. Debian GNU/Linux shipped kernel packages built from the affected versions, which is why Debian is listed among the affected products.
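The bug class described above, modelled in user space as an added example (this is not kernel code and not part of the original advisory; fake_kernel_read(), load_vulnerable(), load_hardened() and the sample header bytes are constructed for illustration). The vulnerable loader discards the read result and keeps going with a half-filled header; the hardened one treats anything other than a full read as a load failure, which is the shape of the upstream fix.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as Elf64_Ehdr (64 bytes, no padding), defined locally so the
 * example does not depend on <elf.h>. */
struct elf_hdr {
    unsigned char e_ident[16];
    uint16_t e_type;
    uint16_t e_machine;
    uint32_t e_version;
    uint64_t e_entry;
    uint64_t e_phoff;
    uint64_t e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize;
    uint16_t e_phentsize;
    uint16_t e_phnum;
    uint16_t e_shentsize;
    uint16_t e_shnum;
    uint16_t e_shstrndx;
};
_Static_assert(sizeof(struct elf_hdr) == 64, "unexpected padding in elf_hdr");

/* In-memory stand-in for the file being executed. */
struct fake_file {
    const unsigned char *data;
    size_t size;
};

/* Constructed sample: a valid 64-byte x86-64 ELF header (little-endian host
 * assumed) with e_phoff = 64 and e_phnum = 1. */
static const unsigned char sample_elf[64] = {
    0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* e_ident */
    2, 0,                     /* e_type = ET_EXEC */
    0x3e, 0,                  /* e_machine = EM_X86_64 */
    1, 0, 0, 0,               /* e_version */
    0, 0, 0, 0, 0, 0, 0, 0,   /* e_entry */
    64, 0, 0, 0, 0, 0, 0, 0,  /* e_phoff */
    0, 0, 0, 0, 0, 0, 0, 0,   /* e_shoff */
    0, 0, 0, 0,               /* e_flags */
    64, 0,                    /* e_ehsize */
    56, 0,                    /* e_phentsize */
    1, 0,                     /* e_phnum */
    0, 0, 0, 0, 0, 0          /* e_shentsize, e_shnum, e_shstrndx */
};
const struct fake_file sample_full = { sample_elf, sizeof sample_elf };
/* The same bytes cut off after e_machine: input that makes the header read
 * come back short (constructed). */
const struct fake_file sample_truncated = { sample_elf, 20 };

/* Stand-in for kernel_read(): copies up to len bytes from off and returns the
 * count actually copied (short at end of file), or -EIO when off is past the
 * end. Hypothetical helper, not the kernel function. */
static long fake_kernel_read(const struct fake_file *f, size_t off, void *buf, size_t len)
{
    if (off >= f->size)
        return -EIO;
    size_t avail = f->size - off;
    size_t n = len < avail ? len : avail;
    memcpy(buf, f->data + off, n);
    return (long)n;
}

static int ident_ok(const struct elf_hdr *h)
{
    return memcmp(h->e_ident, "\x7f" "ELF", 4) == 0;
}

/* Vulnerable pattern: the return value of the read is thrown away, so a short
 * read leaves whatever was on the stack in the unread fields. */
int load_vulnerable(const struct fake_file *f, struct elf_hdr *out)
{
    struct elf_hdr hdr;
    memset(&hdr, 0xAA, sizeof hdr);          /* stands in for stale stack contents */
    fake_kernel_read(f, 0, &hdr, sizeof hdr); /* result ignored, as in the bug */
    if (!ident_ok(&hdr))
        return -ENOEXEC;
    *out = hdr;                               /* e_phoff/e_phnum may be garbage */
    return 0;
}

/* Hardened pattern: a read that fails or returns less than requested aborts
 * the load before any of the header fields are trusted. */
int load_hardened(const struct fake_file *f, struct elf_hdr *out)
{
    struct elf_hdr hdr;
    long n = fake_kernel_read(f, 0, &hdr, sizeof hdr);
    if (n < 0)
        return (int)n;
    if ((size_t)n != sizeof hdr)
        return -EIO;
    if (!ident_ok(&hdr))
        return -ENOEXEC;
    *out = hdr;
    return 0;
}

int main(void)
{
    struct elf_hdr h;
    int rv = load_vulnerable(&sample_truncated, &h);
    printf("vulnerable, truncated input: rv=%d e_phnum=0x%04x (stale)\n", rv, h.e_phnum);
    rv = load_hardened(&sample_truncated, &h);
    printf("hardened,   truncated input: rv=%d (%s)\n", rv, rv == -EIO ? "-EIO" : "?");
    rv = load_hardened(&sample_full, &h);
    printf("hardened,   full input:      rv=%d e_phnum=%u\n", rv, h.e_phnum);
    return 0;
}
```

The stale e_phnum in the vulnerable path is what the next stage of a real loader would multiply by e_phentsize to size its program-header read, which is how an unchecked short read turns into memory the loader should never have touched.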
Recommendations
For Linux kernel 2.4.x, update to 2.4.28 or later; for 2.6.x, update to 2.6.9 or later. Check the running kernel with uname -r, and on Debian install the distribution's updated kernel package for the release in use rather than patching by hand.
Until a fixed kernel is deployed, reduce the exposure of setuid programs as a temporary workaround: remove the setuid bit from binaries that do not need it and restrict execute permission on the remaining ones to trusted groups. This limits which privileged programs an unprivileged local user can push through the vulnerable loader; it does not fix the loader itself.
Related Identifiers
CVE-2004-1070
Affected Products
Debian
Linux Kernel