Buffer Overflow Vulnerability in Linux Kernel by The Linux Foundation
CVE-2004-1072

Currently unrated

Key Information:

Vendor
Suse
CVE Published:
10 January 2005

Summary

The binfmt_elf loader in Linux kernel versions 2.4.x (up to 2.4.27) and 2.6.x (up to 2.6.8) may generate an interpreter name string that is not NUL-terminated. As a result, strings exceeding the PATH_MAX limit can end up being used, which can lead to buffer overflows. Local users may be able to use these overflows to cause a denial of service by hanging the system, and potentially to execute arbitrary code. Users and administrators should apply the necessary patches and updates to protect their systems against this weakness.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
