Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2004-0497

🗓️ 06 Jul 2004 04:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 80 Views🌐 WEB

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Linux Kernel 2.6.x < 2.6.7-rc3 - sys_chown() Privilege Escalation Exploit
8 Nov 201600:00
zdt
0day.today		Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit
24 Dec 200400:00
zdt
Cvelist		CVE-2004-0497
6 Jul 200404:00
cvelist
Exploit DB		Linux Kernel 2.6.x < 2.6.7-rc3 - 'sys_chown()' Privilege Escalation
4 Dec 200400:00
exploitdb
Exploit DB		Linux Kernel &lt; 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - &#039;sys_chown()&#039; Group Ownership Alteration Privilege Escalation
24 Dec 200400:00
exploitdb
EUVD		EUVD-2004-0496
7 Oct 202500:30
euvd
exploitpack		Linux Kernel 2.6.7-rc3 (Slackware 9.1 Debian 3.0) - sys_chown() Group Ownership Alteration Privilege Escalation
24 Dec 200400:00
exploitpack
Tenable Nessus		Fedora Core 2 : kernel-2.6.6-1.435.2.3 (2004-205)
23 Jul 200400:00
nessus
Tenable Nessus		Fedora Core 1 : kernel-2.4.22-1.2197.nptl (2004-206)
23 Jul 200400:00
nessus
Tenable Nessus		GLSA-200407-16 : Linux Kernel: Multiple DoS and permission vulnerabilities
30 Aug 200400:00
nessus
Rows per page
NVD
Node
mandrakesoftmandrake_multi_network_firewallMatch8.2
OR
conectivalinuxMatch10
Node
gentoolinux
OR
linuxlinux_kernelMatch2.0
OR
mandrakesoftmandrake_linuxMatch9.1
OR
mandrakesoftmandrake_linuxMatch9.2
OR
mandrakesoftmandrake_linuxMatch10.0
OR
mandrakesoftmandrake_linux_corporate_serverMatch2.1
OR
redhatenterprise_linuxMatch2.1advanced_server
OR
redhatenterprise_linuxMatch2.1enterprise_server
OR
redhatenterprise_linuxMatch2.1workstation
OR
redhatenterprise_linuxMatch3.0advanced_server
OR
redhatenterprise_linuxMatch3.0enterprise_server
OR
redhatenterprise_linuxMatch3.0workstation_server
OR
susesuse_linuxMatch8.0
OR
susesuse_linuxMatch8.1
OR
susesuse_linuxMatch8.2
OR
susesuse_linuxMatch9.0
OR
susesuse_linuxMatch9.1
OR
trustixsecure_linuxMatch2
OR
trustixsecure_linuxMatch2.0
OR
trustixsecure_linuxMatch2.1
ParameterPositionPathDescriptionCWE
file_namepath/etc/shadowUnauthenticated or unintended chown manipulation on files to escalate privileges (e.g., changing group ownership on NFS/exported files).CWE-264
file_namepath/dev/memAccess to raw memory device via improper DAC controls enabling privilege escalation or data leakage.CWE-264
file_namepath/dev/kmemAccess to kernel memory via chown-like misuse enabling privilege escalation or data leakage.CWE-264
file_namepath/dev/hd*/Access to disk device files through improper DAC checks enabling unauthorized read/write operations.CWE-264
file_namepath/dev/sd*/Access to disk device files through improper DAC checks enabling unauthorized read/write operations.CWE-264
file_namepath/dev/tty*Access to TTY device files allowing snooping or command execution due to missing DAC controls.CWE-264
file_namepath/dev/pts*Access to pseudo-terminal devices enabling command execution due to missing DAC controls.CWE-264

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Apr 2026 00:27Current
5.7Medium risk
Vulners AI Score5.7
CVSS 22.1
EPSS0.00306
cve-2004-0497linux kernelvulnerabilitylocal usersgroup idfilesnfs exported files
80