Executive Summary

Informations
Name CVE-2004-0424 First vendor Publication 2004-07-07
Vendor Cve Last vendor Modification 2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0424

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11214
 
Oval ID: oval:org.mitre.oval:def:11214
Title: Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
Description: Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0424
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:939
 
Oval ID: oval:org.mitre.oval:def:939
Title: Linux Kernel ip_setsockopt Integer Overflow
Description: Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0424
 Version: 2
Platform(s): Red Hat Enterprise Linux 3
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 12
Os 2

OpenVAS Exploits

Date Description
0000-00-00 Name : Slackware Advisory SSA:2004-119-01 kernel security updates
File : nvt/esoft_slk_ssa_2004_119_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
5547 Linux Kernel ip_setsockopt MCAST_MSFILTER macro Overflow

Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when handling the MCAST_MSFILTER socket option of the ip_setsockopt() in the net/ipv4/i_sockglue.c source file. This flaw may allow a local attacker to cause a interger overflow and crash server or execute arbitrary codes, result in loss of availability.

Nessus® Vulnerability Scanner

Date Description
2005-07-13 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2004-119-01.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-037.nasl - Type : ACT_GATHER_INFO
2004-07-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2004_010.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-111.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-183.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
http://marc.info/?l=bugtraq&m=108253171301153&w=2
http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:037
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
http://www.redhat.com/support/errata/RHSA-2004-183.html
http://www.securityfocus.com/bid/10179
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&...
https://exchange.xforce.ibmcloud.com/vulnerabilities/15907
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Date Informations
2024-11-28 23:23:02
  • Multiple Updates
2024-11-28 12:06:05
  • Multiple Updates
2024-08-02 12:02:47
  • Multiple Updates
2024-08-02 01:01:30
  • Multiple Updates
2024-02-02 01:02:33
  • Multiple Updates
2024-02-01 12:01:31
  • Multiple Updates
2023-09-05 12:02:25
  • Multiple Updates
2023-09-05 01:01:22
  • Multiple Updates
2023-09-02 12:02:27
  • Multiple Updates
2023-09-02 01:01:22
  • Multiple Updates
2023-08-12 12:02:58
  • Multiple Updates
2023-08-12 01:01:23
  • Multiple Updates
2023-08-11 12:02:33
  • Multiple Updates
2023-08-11 01:01:24
  • Multiple Updates
2023-08-06 12:02:21
  • Multiple Updates
2023-08-06 01:01:23
  • Multiple Updates
2023-08-04 12:02:25
  • Multiple Updates
2023-08-04 01:01:24
  • Multiple Updates
2023-07-14 12:02:23
  • Multiple Updates
2023-07-14 01:01:24
  • Multiple Updates
2023-03-29 01:02:25
  • Multiple Updates
2023-03-28 12:01:29
  • Multiple Updates
2022-10-11 12:02:08
  • Multiple Updates
2022-10-11 01:01:16
  • Multiple Updates
2021-05-04 12:02:19
  • Multiple Updates
2021-04-22 01:02:28
  • Multiple Updates
2020-05-23 00:15:47
  • Multiple Updates
2018-05-03 09:19:26
  • Multiple Updates
2017-07-11 12:01:26
  • Multiple Updates
2016-10-18 12:01:20
  • Multiple Updates
2016-04-26 12:49:47
  • Multiple Updates
2014-02-17 10:27:30
  • Multiple Updates
2013-05-11 11:41:35
  • Multiple Updates