Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2004-2408 | First vendor Publication | 2004-12-31 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 3.6 | Attack Range | Local |
| Cvss Impact Score | 4.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2408 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 7480 | VServer procfs Arbitrary Server Information Disclosure Linux-VServer contains a flaw that may lead to an unauthorized information disclosure. The issue is caused by weak permissions on the proc file system, which may allow the disclosure of virtual server or system information by local users resulting in a loss of confidentiality. |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:22:45 |
|
| 2024-11-28 12:06:32 |
|
| 2021-05-04 12:02:38 |
|
| 2021-04-22 01:02:50 |
|
| 2020-05-23 00:16:10 |
|
| 2017-07-11 12:01:44 |
|
| 2016-06-28 15:11:13 |
|
| 2016-04-26 13:09:18 |
|
| 2013-05-11 11:48:50 |
|
