Executive Summary

Informations
Name CVE-2004-0814 First vendor Publication 2004-12-23
Vendor Cve Last vendor Modification 2017-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:N/I:N/A:P)
Cvss Base Score 1.2 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 1.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0814

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10728
 
Oval ID: oval:org.mitre.oval:def:10728
Title: Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
Description: Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0814
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 118
Os 2

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5011171.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
11045 Linux Kernel PPP/Terminal Subsystem Denial of Service

The Linux kernel's PPP subsystem contains a flaw that may allow a malicious user to crash a remote host. This is due to a race condition in the PPP system -- if an attacker connects via PPP and then issues the command to switch from console to terminal mode and then sends data at precisely the right moment so that it arrives as the line is making the disclipline switch, the condition will be triggered. It is likely that the flaw will cause an operating system lock, resulting in a loss of availability.
11044 Linux Kernel Terminal Subsystem TIOCSETLD Call Memory Disclosure

Nessus® Vulnerability Scanner

Date Description
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-38-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-47-1.nasl - Type : ACT_GATHER_INFO
2005-04-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO
2005-03-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2005_018.nasl - Type : ACT_GATHER_INFO
2005-01-26 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-022.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/11491
http://www.securityfocus.com/bid/11492
BUGTRAQ http://marc.info/?l=bugtraq&m=110306397320336&w=2
http://www.securityfocus.com/archive/1/379005
CONFIRM http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
FEDORA https://bugzilla.fedora.us/show_bug.cgi?id=2336
MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2005-293.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/17816

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Date Informations
2024-02-02 01:02:37
  • Multiple Updates
2024-02-01 12:01:33
  • Multiple Updates
2023-09-05 12:02:29
  • Multiple Updates
2023-09-05 01:01:24
  • Multiple Updates
2023-09-02 12:02:30
  • Multiple Updates
2023-09-02 01:01:24
  • Multiple Updates
2023-08-12 12:03:02
  • Multiple Updates
2023-08-12 01:01:24
  • Multiple Updates
2023-08-11 12:02:37
  • Multiple Updates
2023-08-11 01:01:26
  • Multiple Updates
2023-08-06 12:02:25
  • Multiple Updates
2023-08-06 01:01:25
  • Multiple Updates
2023-08-04 12:02:28
  • Multiple Updates
2023-08-04 01:01:26
  • Multiple Updates
2023-07-14 12:02:27
  • Multiple Updates
2023-07-14 01:01:26
  • Multiple Updates
2023-03-29 01:02:29
  • Multiple Updates
2023-03-28 12:01:31
  • Multiple Updates
2022-10-11 12:02:11
  • Multiple Updates
2022-10-11 01:01:18
  • Multiple Updates
2021-05-04 12:02:24
  • Multiple Updates
2021-04-22 01:02:33
  • Multiple Updates
2020-05-23 00:15:53
  • Multiple Updates
2017-10-11 09:23:23
  • Multiple Updates
2017-07-11 12:01:30
  • Multiple Updates
2016-10-18 12:01:22
  • Multiple Updates
2016-04-26 12:53:24
  • Multiple Updates
2014-02-17 10:28:00
  • Multiple Updates
2013-05-11 11:43:05
  • Multiple Updates