PT-2004-3738 · Linux+2 · Linux Kernel+2
Published: 1970-01-01 · Updated: 2017-10-11 · CVE-2004-1235
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.4 through 2.4.29-rc2
Linux kernel versions 2.6 through 2.6.10
Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs version
Debian GNU/Linux kernel-image-2.4.18-sun4u version
Debian GNU/Linux kernel-image-2.4.18-sun4u-smp version
Debian GNU/Linux kernel-image-2.4.19-sparc version
Debian GNU/Linux kernel-image-2.4.19-sun4u version
Debian GNU/Linux kernel-image-2.4.19-sun4u-smp version
Debian GNU/Linux kernel-headers-2.4.18-sparc version
Debian GNU/Linux kernel-headers-2.4.19-sparc version
Debian GNU/Linux kernel-patch-benh version
Description
The issue involves multiple vulnerabilities in the Linux kernel and Debian GNU/Linux kernel packages, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A race condition in the `load_elf_library` and `binfmt_aout` function calls for `uselib` in the Linux kernel allows local users to execute arbitrary code by manipulating the VMA descriptor.
Recommendations
For Linux kernel versions 2.4 through 2.4.29-rc2, update to a version outside of this range to resolve the issue.
For Linux kernel versions 2.6 through 2.6.10, update to a version outside of this range to resolve the issue.
For Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-image-2.4.18-sun4u-smp, kernel-image-2.4.19-sparc, kernel-image-2.4.19-sun4u, kernel-image-2.4.19-sun4u-smp, kernel-headers-2.4.18-sparc, kernel-headers-2.4.19-sparc, and kernel-patch-benh, update to a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting access to the vulnerable kernel packages until a patch is available.
Exploit
Fix
Related identifiers
Affected products
Debian
Linux Kernel
Red Hat