CVE-2004-0109

Severity Score

4.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.

Desbordamiento de búfer en el componente de sistema de ficheros ISO9660 del kernel de Linux 2.4.x y 2.6.x permite a usuarios locales con acceso físico desbordar memoria del kernel y ejecutar código arbitrario mediante un CD malformado con un una entrada de enlace simbólico larga.

*Credits: N/A

CVSS Scores

NISTv2 4.6

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-02-02 CVE Reserved
2004-04-14 CVE Published
2023-03-07 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (44)

URL	Tag	Source
http://secunia.com/advisories/11361	Third Party Advisory
http://secunia.com/advisories/11362	Third Party Advisory
http://secunia.com/advisories/11373	Third Party Advisory
http://secunia.com/advisories/11429	Third Party Advisory
http://secunia.com/advisories/11464	Third Party Advisory
http://secunia.com/advisories/11469	Third Party Advisory
http://secunia.com/advisories/11470	Third Party Advisory
http://secunia.com/advisories/11486	Third Party Advisory
http://secunia.com/advisories/11494	Third Party Advisory
http://secunia.com/advisories/11518	Third Party Advisory
http://secunia.com/advisories/11626	Third Party Advisory
http://secunia.com/advisories/11861	Third Party Advisory
http://secunia.com/advisories/11891	Third Party Advisory
http://secunia.com/advisories/11986	Third Party Advisory
http://secunia.com/advisories/12003	Third Party Advisory
http://www.ciac.org/ciac/bulletins/o-121.shtml	Government Resource
http://www.ciac.org/ciac/bulletins/o-127.shtml	Government Resource
http://www.securityfocus.com/bid/10141	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15866	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940	Signature

URL	Date	SRC

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc	2017-10-11
http://rhn.redhat.com/errata/RHSA-2004-166.html	2017-10-11
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html	2017-10-11

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc	2017-10-11
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846	2017-10-11
http://marc.info/?l=bugtraq&m=108213675028441&w=2	2017-10-11
http://security.gentoo.org/glsa/glsa-200407-02.xml	2017-10-11
http://www.debian.org/security/2004/dsa-479	2017-10-11
http://www.debian.org/security/2004/dsa-480	2017-10-11
http://www.debian.org/security/2004/dsa-481	2017-10-11
http://www.debian.org/security/2004/dsa-482	2017-10-11
http://www.debian.org/security/2004/dsa-489	2017-10-11
http://www.debian.org/security/2004/dsa-491	2017-10-11
http://www.debian.org/security/2004/dsa-495	2017-10-11
http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029	2017-10-11
http://www.novell.com/linux/security/advisories/2004_09_kernel.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-105.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-106.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-183.html	2017-10-11
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt	2017-10-11
https://access.redhat.com/security/cve/CVE-2004-0109	2004-04-22
https://bugzilla.redhat.com/show_bug.cgi?id=1617154	2004-04-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.4.0 Search vendor "Linux" for product "Linux Kernel" and version "2.4.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.5.0 Search vendor "Linux" for product "Linux Kernel" and version "2.5.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.0 Search vendor "Linux" for product "Linux Kernel" and version "2.6.0"		-		Affected