Vulnerability Details CVE-2004-1073
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.4%
CVSS Severity
CVSS v2 Score 2.1
References
- http://secunia.com/advisories/18684
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.redhat.com/support/errata/RHSA-2004-505.html
- http://www.redhat.com/support/errata/RHSA-2004-549.html
- http://www.redhat.com/support/errata/RHSA-2005-293.html
- http://www.redhat.com/support/errata/RHSA-2006-0190.html
- http://www.redhat.com/support/errata/RHSA-2006-0191.html
- http://www.securityfocus.com/bid/11646
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11503
- http://secunia.com/advisories/18684
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
- http://www.redhat.com/support/errata/RHSA-2004-504.html
- http://www.redhat.com/support/errata/RHSA-2004-505.html
- http://www.redhat.com/support/errata/RHSA-2004-549.html
- http://www.redhat.com/support/errata/RHSA-2005-293.html
- http://www.redhat.com/support/errata/RHSA-2006-0190.html
- http://www.redhat.com/support/errata/RHSA-2006-0191.html
- http://www.securityfocus.com/bid/11646
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11503
Products affected by CVE-2004-1073
-
cpe:2.3:o:linux:linux_kernel:2.4.0
-
cpe:2.3:o:linux:linux_kernel:2.4.1
-
cpe:2.3:o:linux:linux_kernel:2.4.10
-
cpe:2.3:o:linux:linux_kernel:2.4.11
-
cpe:2.3:o:linux:linux_kernel:2.4.12
-
cpe:2.3:o:linux:linux_kernel:2.4.13
-
cpe:2.3:o:linux:linux_kernel:2.4.14
-
cpe:2.3:o:linux:linux_kernel:2.4.15
-
cpe:2.3:o:linux:linux_kernel:2.4.16
-
cpe:2.3:o:linux:linux_kernel:2.4.17
-
cpe:2.3:o:linux:linux_kernel:2.4.18
-
cpe:2.3:o:linux:linux_kernel:2.4.19
-
cpe:2.3:o:linux:linux_kernel:2.4.2
-
cpe:2.3:o:linux:linux_kernel:2.4.20
-
cpe:2.3:o:linux:linux_kernel:2.4.21
-
cpe:2.3:o:linux:linux_kernel:2.4.22
-
cpe:2.3:o:linux:linux_kernel:2.4.23
-
cpe:2.3:o:linux:linux_kernel:2.4.23_ow2
-
cpe:2.3:o:linux:linux_kernel:2.4.24
-
cpe:2.3:o:linux:linux_kernel:2.4.24_ow1
-
cpe:2.3:o:linux:linux_kernel:2.4.25
-
cpe:2.3:o:linux:linux_kernel:2.4.26
-
cpe:2.3:o:linux:linux_kernel:2.4.27
-
cpe:2.3:o:linux:linux_kernel:2.4.3
-
cpe:2.3:o:linux:linux_kernel:2.4.4
-
cpe:2.3:o:linux:linux_kernel:2.4.5
-
cpe:2.3:o:linux:linux_kernel:2.4.6
-
cpe:2.3:o:linux:linux_kernel:2.4.7
-
cpe:2.3:o:linux:linux_kernel:2.4.8
-
cpe:2.3:o:linux:linux_kernel:2.4.9
-
cpe:2.3:o:linux:linux_kernel:2.6.0
-
cpe:2.3:o:linux:linux_kernel:2.6.1
-
cpe:2.3:o:linux:linux_kernel:2.6.2
-
cpe:2.3:o:linux:linux_kernel:2.6.3
-
cpe:2.3:o:linux:linux_kernel:2.6.4
-
cpe:2.3:o:linux:linux_kernel:2.6.5
-
cpe:2.3:o:linux:linux_kernel:2.6.6
-
cpe:2.3:o:linux:linux_kernel:2.6.7
-
cpe:2.3:o:linux:linux_kernel:2.6.8
-
cpe:2.3:o:linux:linux_kernel:2.6.9
-
cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs
-
cpe:2.3:o:redhat:enterprise_linux:2.1
-
cpe:2.3:o:redhat:enterprise_linux:3.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
-
cpe:2.3:o:redhat:fedora_core:core_2.0
-
cpe:2.3:o:redhat:fedora_core:core_3.0
-
cpe:2.3:o:redhat:linux_advanced_workstation:2.1
-
cpe:2.3:o:suse:suse_linux:1.0
-
cpe:2.3:o:suse:suse_linux:8
-
cpe:2.3:o:suse:suse_linux:8.1
-
cpe:2.3:o:suse:suse_linux:8.2
-
cpe:2.3:o:suse:suse_linux:9.0
-
cpe:2.3:o:suse:suse_linux:9.1
-
cpe:2.3:o:suse:suse_linux:9.2
-
cpe:2.3:o:trustix:secure_linux:1.5
-
cpe:2.3:o:trustix:secure_linux:2.0
-
cpe:2.3:o:trustix:secure_linux:2.1
-
cpe:2.3:o:trustix:secure_linux:2.2
-
cpe:2.3:o:turbolinux:turbolinux_server:10.0