CVE-2004-1068

Name of the Vulnerable Software and Affected Versions Linux versions 2.4.27 and earlier, and 2.6.x up to 2.6.9 Debian GNU/Linux kernel-image-2.4.19-sun4u-smp (affected versions not specified) Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs (affected versions not specified) Debian GNU/Linux kernel-image-2.4.18-sun4u (affected versions not specified) Debian GNU/Linux kernel-patch-benh (affected versions not specified) Debian GNU/Linux kernel-image-2.4.18-sun4u-smp (affected versions not specified) Debian GNU/Linux kernel-headers-2.4.19-sparc (affected versions not specified) Debian GNU/Linux kernel-headers-2.4.18-sparc (affected versions not specified) Debian GNU/Linux kernel-image-2.4.19-sun4u (affected versions not specified)

Description A "missing serialization" error in the unix dgram recvmsg function allows local users to gain privileges via a race condition. Multiple vulnerabilities in Debian GNU/Linux kernel packages may lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For Linux versions 2.4.27 and earlier, and 2.6.x up to 2.6.9: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-image-2.4.19-sun4u-smp: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-image-2.4.18-sun4u: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-patch-benh: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-image-2.4.18-sun4u-smp: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-headers-2.4.19-sparc: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-headers-2.4.18-sparc: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-image-2.4.19-sun4u: At the moment, there is no information about a newer version that contains a fix for this vulnerability.