CVE-2004-1333

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.10 Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs version Debian GNU/Linux kernel-image-2.4.18-sun4u version Debian GNU/Linux kernel-image-2.4.18-sun4u-smp version Debian GNU/Linux kernel-image-2.4.19-sparc version Debian GNU/Linux kernel-image-2.4.19-sun4u version Debian GNU/Linux kernel-image-2.4.19-sun4u-smp version Debian GNU/Linux kernel-headers-2.4.18-sparc version Debian GNU/Linux kernel-headers-2.4.19-sparc version Debian GNU/Linux kernel-patch-benh version

Description The issue involves multiple vulnerabilities in the Linux kernel and Debian GNU/Linux packages, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. An integer overflow in the vc resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

Recommendations For Linux kernel versions prior to 2.6.10, update to version 2.6.10 or later to resolve the issue. For Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-image-2.4.18-sun4u-smp, kernel-image-2.4.19-sparc, kernel-image-2.4.19-sun4u, kernel-image-2.4.19-sun4u-smp, kernel-headers-2.4.18-sparc, kernel-headers-2.4.19-sparc, and kernel-patch-benh, at the moment, there is no information about a newer version that contains a fix for this vulnerability.