CVE-2004-1070 — Vulnetix

Try Vulnetix Request Demo

CVE-2004-1070 PUBLISHED CVSS 7.199999809265137 HIGH

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

EPSS 0.07% · 20.0th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.07%

20.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
linux	linux_kernel	2.4.0, 2.4.0, 2.4.0
suse	suse_linux	9.0, 9.0, 9.0
trustix	secure_linux	2.0, 1.5, 2.1
redhat	linux_advanced_workstation	2.1, 2.1
redhat	enterprise_linux_desktop	3.0
redhat	fedora_core	core_3.0, core_2.0
redhat	enterprise_linux	2.1, 2.1, 2.1
turbolinux	turbolinux_server	10.0

Timeline

Nov 19, 2004 CVE Published
Jan 17, 2005 CVE Updated
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

20163 third-party-advisory
DSA-1082 vendor-advisory
MDKSA-2005:022 vendor-advisory
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt url
FLSA:2336 vendor-advisory
19607 third-party-advisory
DSA-1070 vendor-advisory
20162 third-party-advisory
oval:org.mitre.oval:def:9450 vdb
linux-elf-setuid-gain-privileges(18025) vdb
RHSA-2004:549 vendor-advisory
DSA-1067 vendor-advisory
11646 vdb
DSA-1069 vendor-advisory
20060402-01-U vendor-advisory
RHSA-2004:505 vendor-advisory
20202 third-party-advisory
RHSA-2004:504 vendor-advisory
20338 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2004-1070 advisory

…and 1 more

Open in Interactive Console →