Local Code Execution Vulnerability in Linux Kernel by Linux
CVE-2004-1235

Currently unrated

Key Information:

Vendor: Suse
Status: Suse Linux; Linux Kernel; Fedora Core; Enterprise Linux
Vendor: CVE Published:; 14 April 2005

Summary

A race condition exists in the load_elf_library and binfmt_aout function calls of the Linux kernel versions 2.4 up to 2.4.29-rc2 and 2.6 up to 2.6.10. Through the manipulation of the VMA (Virtual Memory Area) descriptor, local users can exploit this vulnerability to execute arbitrary code. This could lead to unauthorized access and potentially significant breaches of system security.

References

http://secunia.com/advisories/20163

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2006/dsa-1082

vendor-advisoryx_refsource_DEBIAN

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

Timeline

Vulnerability published
Apr 14, 2005
Vulnerability Reserved
Dec 15, 2004