Race Condition Vulnerabilities in Linux Kernel 2.4.x and 2.6.x
CVE-2004-0814

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Ubuntu Linux
Vendor: CVE Published:; 23 December 2004

What is CVE-2004-0814?

Multiple race conditions exist in the terminal layer of Linux Kernel versions 2.4.x and 2.6.x prior to 2.6.9. These vulnerabilities allow local users to inadvertently access portions of sensitive kernel data through a TIOCSETD ioctl call when a terminal interface is concurrently accessed by another thread. Additionally, a remote attacker may exploit these conditions to induce a denial of service by rapidly switching from console to PPP line discipline and sending data during this transition. This malfunction can lead to instability in system operations, potentially resulting in crashes.

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

http://marc.info/?l=bugtraq&m=110306397320336&w=2

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2004
Vulnerability Reserved
Aug 25, 2004