Denial of Service Vulnerability in Linux Kernel by The Linux Foundation
CVE-2004-1333

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Fedora Core; Linux
Vendor: CVE Published:; 15 December 2004

Summary

The Linux kernel versions 2.4 and 2.6 prior to 2.6.10 contain a vulnerability in the vc_resize function that allows local users to exploit an integer overflow. This vulnerability can be triggered by sending a specially crafted 'new screen' value, leading to a buffer overflow that results in a crash of the kernel, effectively causing a denial of service. This issue highlights the need for users to update their kernels to ensure protection against such local exploits.

References

http://secunia.com/advisories/20163

third-party-advisoryx_refsource_SECUNIA

http://www.securitytrap.com/mail/full-disclosure/2004/Dec...

mailing-listx_refsource_FULLDISC

https://usn.ubuntu.com/47-1/

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability Reserved
Jan 6, 2005
Vulnerability published
Dec 15, 2004