CVE-2004-1071 — Vulnetix

Try Vulnetix Request Demo

CVE-2004-1071 PUBLISHED CVSS 7.199999809265137 HIGH

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

EPSS 0.05% · 16.3th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.05%

16.3th percentile

Affected Products

Vendor	Product	Versions
redhat	enterprise_linux_desktop	3.0
redhat	fedora_core	core_3.0, core_2.0
turbolinux	turbolinux_server	10.0
n/a	n/a	n/a
suse	suse_linux	1.0, 9.2, 9.1
redhat	linux_advanced_workstation	2.1, 2.1
redhat	enterprise_linux	2.1, 2.1, 2.1
linux	linux_kernel	2.4.12, 2.4.13, 2.4.14
trustix	secure_linux	2.0, 2.1, 2.2

Timeline

Nov 19, 2004 CVE Published
Jan 17, 2005 CVE Updated
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt advisory
20163 third-party-advisory
DSA-1082 vendor-advisory
MDKSA-2005:022 vendor-advisory
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt url
FLSA:2336 vendor-advisory
19607 third-party-advisory
DSA-1070 vendor-advisory
RHSA-2004:537 vendor-advisory
20162 third-party-advisory
linux-elf-setuid-gain-privileges(18025) vdb
DSA-1067 vendor-advisory
11646 vdb
DSA-1069 vendor-advisory
20060402-01-U vendor-advisory
RHSA-2004:505 vendor-advisory
20202 third-party-advisory
RHSA-2004:504 vendor-advisory
oval:org.mitre.oval:def:9917 vdb
20338 third-party-advisory

…and 1 more

Open in Interactive Console →