CVE-2004-0791

Name of the Vulnerable Software and Affected Versions HP-UX versions (affected versions not specified) Linux kernel (affected versions not specified)

Description A potential security issue has been identified that could be remotely exploited to cause a Denial of Service (DoS). The Linux kernel has several security issues, including a VMA handling flaw in the uselib(2) system call that could allow a local user to gain elevated privileges. Additionally, a flaw was discovered where an executable could cause a VMA overlap leading to a crash. A flaw in the page fault handler code could lead to local users gaining elevated privileges on multiprocessor machines. A flaw in the system call filtering code in the audit subsystem allowed a local user to cause a crash when auditing was enabled.

Recommendations For HP-UX, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Linux kernel, upgrade the kernel to the packages associated with the machine architectures and configurations as listed in the erratum. As a temporary workaround, consider disabling the uselib(2) system call until a patch is available. Restrict access to the audit subsystem to minimize the risk of exploitation. Avoid using the cmsg len handling until the issue is resolved.