CVE-2004-0109

iDEFENSE Security Advisory 2004-04-14.t

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.

Desbordamiento de búfer en el componente de sistema de ficheros ISO9660 del kernel de Linux 2.4.x y 2.6.x permite a usuarios locales con acceso físico desbordar memoria del kernel y ejecutar código arbitrario mediante un CD malformado con un una entrada de enlace simbólico larga.

iDEFENSE Security Advisory 04.14.04: The Linux kernel performs no length checking on symbolic links stored on an ISO9660 file system, allowing a malformed CD to perform an arbitrary length overflow in kernel memory. Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. The vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO file system, or attempting to access a file via a malformed symlink on such a file system. Many distributions allow local users to mount CDs, which makes them potentially vulnerable to local elevation attacks. The issue affects the 2.4.x, 2.5.x and 2.6.x kernel. Other kernel implementations may also be vulnerable.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-02-02 CVE Reserved
2004-04-14 CVE Published
2024-08-08 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (44)

URL	Tag	Source
http://secunia.com/advisories/11361	Third Party Advisory
http://secunia.com/advisories/11362	Third Party Advisory
http://secunia.com/advisories/11373	Third Party Advisory
http://secunia.com/advisories/11429	Third Party Advisory
http://secunia.com/advisories/11464	Third Party Advisory
http://secunia.com/advisories/11469	Third Party Advisory
http://secunia.com/advisories/11470	Third Party Advisory
http://secunia.com/advisories/11486	Third Party Advisory
http://secunia.com/advisories/11494	Third Party Advisory
http://secunia.com/advisories/11518	Third Party Advisory
http://secunia.com/advisories/11626	Third Party Advisory
http://secunia.com/advisories/11861	Third Party Advisory
http://secunia.com/advisories/11891	Third Party Advisory
http://secunia.com/advisories/11986	Third Party Advisory
http://secunia.com/advisories/12003	Third Party Advisory
http://www.ciac.org/ciac/bulletins/o-121.shtml	Government Resource
http://www.ciac.org/ciac/bulletins/o-127.shtml	Government Resource
http://www.securityfocus.com/bid/10141	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15866	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940	Signature

URL	Date	SRC

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc	2017-10-11
http://rhn.redhat.com/errata/RHSA-2004-166.html	2017-10-11
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html	2017-10-11

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc	2017-10-11
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846	2017-10-11
http://marc.info/?l=bugtraq&m=108213675028441&w=2	2017-10-11
http://security.gentoo.org/glsa/glsa-200407-02.xml	2017-10-11
http://www.debian.org/security/2004/dsa-479	2017-10-11
http://www.debian.org/security/2004/dsa-480	2017-10-11
http://www.debian.org/security/2004/dsa-481	2017-10-11
http://www.debian.org/security/2004/dsa-482	2017-10-11
http://www.debian.org/security/2004/dsa-489	2017-10-11
http://www.debian.org/security/2004/dsa-491	2017-10-11
http://www.debian.org/security/2004/dsa-495	2017-10-11
http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029	2017-10-11
http://www.novell.com/linux/security/advisories/2004_09_kernel.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-105.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-106.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-183.html	2017-10-11
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt	2017-10-11
https://access.redhat.com/security/cve/CVE-2004-0109	2004-04-22
https://bugzilla.redhat.com/show_bug.cgi?id=1617154	2004-04-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.4.0 Search vendor "Linux" for product "Linux Kernel" and version "2.4.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.5.0 Search vendor "Linux" for product "Linux Kernel" and version "2.5.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.0 Search vendor "Linux" for product "Linux Kernel" and version "2.6.0"		-		Affected