PT-2003-2512
Zen-Parse · Published 1970-01-01 · Updated 2017-10-11 · CVE-2004-0109
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Debian GNU/Linux kernel-pcmcia-modules versions 2.4.18-1-686 through 2.4.18-1-686
Debian GNU/Linux kernel-doc versions 2.4.16 through 2.4.20
Debian GNU/Linux kernel-image versions 2.4.16 through 2.4.20
Debian GNU/Linux kernel-headers versions 2.4.16 through 2.4.20
Debian GNU/Linux kernel-source versions 2.4.16 through 2.4.20
Debian GNU/Linux kernel-patch versions 2.4.16 through 2.4.20
Red Hat Linux kernel versions 2.4.20 and earlier
Red Hat Linux kernel-bigmem versions 2.4.20 and earlier
Red Hat Linux kernel-BOOT versions 2.4.20 and earlier
Red Hat Linux kernel-doc versions 2.4.20 and earlier
Red Hat Linux kernel-smp versions 2.4.20 and earlier
Gentoo Linux aa-sources versions prior to 2.4.23-r2
Description
The issue affects multiple components of the Linux kernel in various operating systems, including Debian GNU/Linux and Red Hat Linux. Exploitation of these vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited locally or remotely, depending on the specific component and version. A buffer overflow in the ISO9660 file system component allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
Recommendations
For Debian GNU/Linux kernel-pcmcia-modules versions 2.4.18-1-686 and earlier, update to a newer version.
For Debian GNU/Linux kernel-doc versions 2.4.16 through 2.4.20, update to a newer version.
For Debian GNU/Linux kernel-image versions 2.4.16 through 2.4.20, update to a newer version.
For Debian GNU/Linux kernel-headers versions 2.4.16 through 2.4.20, update to a newer version.
For Debian GNU/Linux kernel-source versions 2.4.16 through 2.4.20, update to a newer version.
For Debian GNU/Linux kernel-patch versions 2.4.16 through 2.4.20, update to a newer version.
For Red Hat Linux kernel versions 2.4.20 and earlier, update to a newer version.
For Red Hat Linux kernel-bigmem versions 2.4.20 and earlier, update to a newer version.
For Red Hat Linux kernel-BOOT versions 2.4.20 and earlier, update to a newer version.
For Red Hat Linux kernel-doc versions 2.4.20 and earlier, update to a newer version.
For Red Hat Linux kernel-smp versions 2.4.20 and earlier, update to a newer version.
For Gentoo Linux aa-sources versions prior to 2.4.23-r2, update to version 2.4.23-r2 or later.
As a temporary workaround, consider disabling the vulnerable components until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the affected kernel versions until an update is applied.
Fix
Related Identifiers
Affected Products
Debian
Gentoo Linux
Linux Kernel
Red Hat
Aa-Sources