PT-2004-3756 · Linux · Linux Kernel
Infamous41Md · Published 1970-01-01 · Updated 2008-09-05 · CVE-2004-2731
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 2.4.27
Linux kernel versions 2.4.x up to 2.4.27
Linux kernel versions 2.6.x up to 2.6.7
Description
The issue involves multiple vulnerabilities in the Linux kernel, specifically in the Sbus PROM driver, that can be exploited to execute arbitrary code. This can be achieved by specifying a small buffer size to the copyin string function or a negative buffer size to the copyin function. The vulnerabilities can be exploited remotely, potentially leading to a disruption of protected information.
Recommendations
For Linux kernel versions 2.4.x up to 2.4.27, update to a version later than 2.4.27 to resolve the issue.
For Linux kernel versions 2.6.x up to 2.6.7, update to a version later than 2.6.7 to resolve the issue.
As a temporary workaround, consider restricting access to the Sbus PROM driver to minimize the risk of exploitation.
Affected products
Linux Kernel