CVE-2004-1072

Name of the Vulnerable Software and Affected Versions Linux kernel versions 2.4.x up to 2.4.27 Linux kernel versions 2.6.x up to 2.6.8 Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs version Debian GNU/Linux kernel-image-2.4.18-sun4u version Debian GNU/Linux kernel-image-2.4.18-sun4u-smp version Debian GNU/Linux kernel-image-2.4.19-sparc version Debian GNU/Linux kernel-image-2.4.19-sun4u version Debian GNU/Linux kernel-image-2.4.19-sun4u-smp version Debian GNU/Linux kernel-headers-2.4.18-sparc version Debian GNU/Linux kernel-headers-2.4.19-sparc version Debian GNU/Linux kernel-patch-benh version

Description The issue is related to multiple vulnerabilities in the Linux kernel and Debian GNU/Linux kernel packages. These vulnerabilities can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. The binfmt elf loader in the Linux kernel may create an interpreter name string that is not NULL terminated, potentially causing buffer overflows that allow local users to cause a denial of service and possibly execute arbitrary code.

Recommendations For Linux kernel versions 2.4.x up to 2.4.27, update to a version later than 2.4.27. For Linux kernel versions 2.6.x up to 2.6.8, update to a version later than 2.6.8. For Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs, update to a version that is not vulnerable. For Debian GNU/Linux kernel-image-2.4.18-sun4u, update to a version that is not vulnerable. For Debian GNU/Linux kernel-image-2.4.18-sun4u-smp, update to a version that is not vulnerable. For Debian GNU/Linux kernel-image-2.4.19-sparc, update to a version that is not vulnerable. For Debian GNU/Linux kernel-image-2.4.19-sun4u, update to a version that is not vulnerable. For Debian GNU/Linux kernel-image-2.4.19-sun4u-smp, update to a version that is not vulnerable. For Debian GNU/Linux kernel-headers-2.4.18-sparc, update to a version that is not vulnerable. For Debian GNU/Linux kernel-headers-2.4.19-sparc, update to a version that is not vulnerable. For Debian GNU/Linux kernel-patch-benh, update to a version that is not vulnerable.