Lucene search

[email protected]CVE-2004-1337

HistoryDec 23, 2004 - 5:00 a.m.

CVE-2004-1337

2004-12-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

linux kernel 2.6

posix capability

lsm

security module

local privilege escalation

6.6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.

CPENameOperatorVersion
gnu:realtime_linux_security_modulegnu realtime linux security moduleeq0.8.7
conectiva:linuxconectiva linuxeq10.0
ubuntu:ubuntu_linuxubuntu ubuntu linuxeq4.1

CPE	Name	Operator	Version
gnu:realtime_linux_security_module	gnu realtime linux security module	eq	0.8.7
conectiva:linux	conectiva linux	eq	10.0
ubuntu:ubuntu_linux	ubuntu ubuntu linux	eq	4.1

References

distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930

marc.info/?l=bugtraq&m=110384535113035&w=2

www.securityfocus.com/bid/12093

exchange.xforce.ibmcloud.com/vulnerabilities/18673

6.6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2004-1337

ubuntucve1 ubuntu1 nessus2