CVE-2004-1235

Published: 14/04/2005 Updated: 11/10/2017
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 635
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 up to and including 2.4.29-rc2 and 2.6 up to and including 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

Vulnerable Product

suse suse linux 9.0

linux linux kernel 2.4.18

linux linux kernel 2.4.15

redhat fedora core core 2.0

linux linux kernel 2.4.0

redhat enterprise linux 4.0

linux linux kernel 2.6.5

linux linux kernel 2.4.11

linux linux kernel 2.6.1

mandrakesoft mandrake linux corporate server 2.1

suse suse linux 9.2

redhat enterprise linux desktop 3.0

linux linux kernel 2.4.27

ubuntu ubuntu linux 4.1

linux linux kernel 2.4.26

suse suse linux 8.2

redhat enterprise linux 3.0

linux linux kernel 2.4.19

linux linux kernel 2.4.21

linux linux kernel 2.6.10

linux linux kernel 2.4.12

linux linux kernel 2.4.13

linux linux kernel 2.6.0

suse suse linux 8

linux linux kernel 2.6.3

suse suse linux 1.0

mandrakesoft mandrake linux 9.2

linux linux kernel 2.4.17

linux linux kernel 2.6.4

linux linux kernel 2.6 test9 cvs

linux linux kernel 2.6.7

avaya modular messaging message storage server 2.0

linux linux kernel 2.4.23 ow2

linux linux kernel 2.4.23

linux linux kernel 2.4.29

linux linux kernel 2.6.2

linux linux kernel 2.6.8

redhat fedora core core 1.0

mandrakesoft mandrake linux 10.1

linux linux kernel 2.4.7

avaya s8710 r2.0.1

linux linux kernel 2.4.25

linux linux kernel 2.4.24

linux linux kernel 2.4.9

avaya converged communications server 2.0

avaya mn100

redhat linux 9.0

linux linux kernel 2.4.28

avaya network routing

mandrakesoft mandrake linux corporate server 3.0

linux linux kernel 2.4.24 ow1

linux linux kernel 2.4.10

linux linux kernel 2.4.2

linux linux kernel 2.4.16

linux linux kernel 2.4.8

linux linux kernel 2.4.14

suse suse linux 9.1

linux linux kernel 2.4.22

linux linux kernel 2.4.5

redhat linux 7.3

linux linux kernel 2.6.6

linux linux kernel 2.6.9

mandrakesoft mandrake linux 10.0

linux linux kernel 2.4.3

linux linux kernel 2.4.1

linux linux kernel 2.4.4

redhat enterprise linux desktop 4.0

avaya modular messaging message storage server 1.1

redhat fedora core core 3.0

linux linux kernel 2.4.6

avaya s8710 r2.0.0

linux linux kernel 2.4.20

suse suse linux 8.1

avaya s8500 r2.0.1

avaya s8300 r2.0.0

avaya intuity audix

avaya s8700 r2.0.1

avaya s8700 r2.0.0

avaya s8500 r2.0.0

mandrakesoft mandrake multi network firewall 8.2

conectiva linux 10.0

avaya s8300 r2.0.1

Vendor Advisories

Paul Starzetz discovered a race condition in the ELF library and aout binary format loaders, which can be locally exploited in several different ways to gain root privileges (CAN-2004-1235) ...
Synopsis: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 2.1 are now available. Description: The Linux kernel handles the basic functions of the operating system. This advisory includes ...
Synopsis: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. Description: The Linux kernel handles the basic functions of the operating system. This advisory includes f ...
Synopsis: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: ...
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2004-0427: A local denial of service vulnerability in do_fork() has been found. CVE-2005-0489: A ...

Exploits

/* * EDB Note: There is an updated version ~ www.exploit-db.com/exploits/895/ */ /* * Linux kernel 2.4 uselib() privilege elevation exploit * * original exploit source from isec.pl * reference: isec.pl/vulnerabilities/isec-0021-uselib.txt * * I modified the Paul Starzetz's exploit, made it more possible * to race ...
/* * EDB Note: There is an updated version ~ www.exploit-db.com/exploits/895/ */ /* * binfmt_elf uselib VMA insert race vulnerability * v1.08 * * gcc -O2 -fomit-frame-pointer elflbl.c -o elflbl * * Copyright (c) 2004 iSEC Security Research. All Rights Reserved. * * THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY* IT IS PROVIDE ...
/* * pwned.c - linux 2.4 and 2.6 sys_uselib local root exploit. PRIVATE. * it's not the best one, the ldt approach is definitively better. * discovered may 2004. no longer private because lorian/cliph/ihaquer * can lick my balls. * (c) 2004 sd <sd@fucksheep.org> * requires cca 1gb on fs */ /* * first create fake vma structs * * * let's h ...