CVE Database As of 11-21-2019

CVE-2004-0814

Impact by CVSS Score
  • ID: CVE-2004-0814
Summary:

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.

Exploitability Analysis: Local

A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account. Examples of locally exploitable vulnerabilities are peripheral attacks such as Firewire/USB DMA attacks, and local privilege escalations (e.g., sudo).

Exploitability Complexity: High

Specialized access conditions exist. For example, in most configurations, the attacking party must already have elevated privileges or spoof additional systems in addition to the attacking system (e.g., DNS hijacking). The attack depends on social engineering methods that would be easily detected by knowledgeable people. For example, the victim must perform several suspicious or atypical actions. The vulnerable configuration is seen very rarely in practice. If a race condition exists, the window is very narrow.

Authentication: None

Authentication is not required to access and exploit the vulnerability.

Confidentiality Impact: None

There is no impact to the confidentiality of the system.

Integrity Impact: None

There is no impact to the integrity of the system.

Availability Impact: Partial

There is reduced performance or interruptions in resource availability. An example is a network-based flood attack that permits a limited number of successful connections to an Internet service.

Products Affected

cpe:/o:linux:linux_kernel:2.2.0

cpe:/o:linux:linux_kernel:2.2.1

cpe:/o:linux:linux_kernel:2.2.2

cpe:/o:linux:linux_kernel:2.2.3

cpe:/o:linux:linux_kernel:2.2.7

cpe:/o:linux:linux_kernel:2.2.8

cpe:/o:linux:linux_kernel:2.2.9

cpe:/o:linux:linux_kernel:2.2.10

cpe:/o:linux:linux_kernel:2.2.11

cpe:/o:linux:linux_kernel:2.2.12

cpe:/o:linux:linux_kernel:2.2.13

cpe:/o:linux:linux_kernel:2.2.14

cpe:/o:linux:linux_kernel:2.2.15

cpe:/o:linux:linux_kernel:2.2.15:pre16

cpe:/o:linux:linux_kernel:2.2.15_pre20

cpe:/o:linux:linux_kernel:2.2.16

cpe:/o:linux:linux_kernel:2.2.16:pre6

cpe:/o:linux:linux_kernel:2.2.17

cpe:/o:linux:linux_kernel:2.2.18

cpe:/o:linux:linux_kernel:2.2.19

cpe:/o:linux:linux_kernel:2.2.20

cpe:/o:linux:linux_kernel:2.2.21

cpe:/o:linux:linux_kernel:2.2.22

cpe:/o:linux:linux_kernel:2.2.23

cpe:/o:linux:linux_kernel:2.2.24

cpe:/o:linux:linux_kernel:2.2.25

cpe:/o:linux:linux_kernel:2.4.0

cpe:/o:linux:linux_kernel:2.4.0:test1

cpe:/o:linux:linux_kernel:2.4.0:test10

cpe:/o:linux:linux_kernel:2.4.0:test11

cpe:/o:linux:linux_kernel:2.4.0:test12

cpe:/o:linux:linux_kernel:2.4.0:test2

cpe:/o:linux:linux_kernel:2.4.0:test3

cpe:/o:linux:linux_kernel:2.4.0:test4

cpe:/o:linux:linux_kernel:2.4.0:test5

cpe:/o:linux:linux_kernel:2.4.0:test6

cpe:/o:linux:linux_kernel:2.4.0:test7

cpe:/o:linux:linux_kernel:2.4.0:test8

cpe:/o:linux:linux_kernel:2.4.0:test9

cpe:/o:linux:linux_kernel:2.4.1

cpe:/o:linux:linux_kernel:2.4.2

cpe:/o:linux:linux_kernel:2.4.3

cpe:/o:linux:linux_kernel:2.4.4

cpe:/o:linux:linux_kernel:2.4.5

cpe:/o:linux:linux_kernel:2.4.6

cpe:/o:linux:linux_kernel:2.4.7

cpe:/o:linux:linux_kernel:2.4.8

cpe:/o:linux:linux_kernel:2.4.9

cpe:/o:linux:linux_kernel:2.4.10

cpe:/o:linux:linux_kernel:2.4.11

cpe:/o:linux:linux_kernel:2.4.12

cpe:/o:linux:linux_kernel:2.4.13

cpe:/o:linux:linux_kernel:2.4.14

cpe:/o:linux:linux_kernel:2.4.15

cpe:/o:linux:linux_kernel:2.4.16

cpe:/o:linux:linux_kernel:2.4.17

cpe:/o:linux:linux_kernel:2.4.18

cpe:/o:linux:linux_kernel:2.4.18::x86

cpe:/o:linux:linux_kernel:2.4.18:pre1

cpe:/o:linux:linux_kernel:2.4.18:pre2

cpe:/o:linux:linux_kernel:2.4.18:pre3

cpe:/o:linux:linux_kernel:2.4.18:pre4

cpe:/o:linux:linux_kernel:2.4.18:pre5

cpe:/o:linux:linux_kernel:2.4.18:pre6

cpe:/o:linux:linux_kernel:2.4.18:pre7

cpe:/o:linux:linux_kernel:2.4.18:pre8

cpe:/o:linux:linux_kernel:2.4.19

cpe:/o:linux:linux_kernel:2.4.19:pre1

cpe:/o:linux:linux_kernel:2.4.19:pre2

cpe:/o:linux:linux_kernel:2.4.19:pre3

cpe:/o:linux:linux_kernel:2.4.19:pre4

cpe:/o:linux:linux_kernel:2.4.19:pre5

cpe:/o:linux:linux_kernel:2.4.19:pre6

cpe:/o:linux:linux_kernel:2.4.20

cpe:/o:linux:linux_kernel:2.4.21

cpe:/o:linux:linux_kernel:2.4.21:pre1

cpe:/o:linux:linux_kernel:2.4.21:pre4

cpe:/o:linux:linux_kernel:2.4.21:pre7

cpe:/o:linux:linux_kernel:2.4.22

cpe:/o:linux:linux_kernel:2.4.23

cpe:/o:linux:linux_kernel:2.4.23:pre9

cpe:/o:linux:linux_kernel:2.4.23_ow2

cpe:/o:linux:linux_kernel:2.4.24

cpe:/o:linux:linux_kernel:2.4.24_ow1

cpe:/o:linux:linux_kernel:2.4.25

cpe:/o:linux:linux_kernel:2.4.26

cpe:/o:linux:linux_kernel:2.4.27:pre1

cpe:/o:linux:linux_kernel:2.4.27:pre2

cpe:/o:linux:linux_kernel:2.4.27:pre3

cpe:/o:linux:linux_kernel:2.4.27:pre4

cpe:/o:linux:linux_kernel:2.4.27:pre5

cpe:/o:linux:linux_kernel:2.6.0

cpe:/o:linux:linux_kernel:2.6.0:test1

cpe:/o:linux:linux_kernel:2.6.0:test10

cpe:/o:linux:linux_kernel:2.6.0:test11

cpe:/o:linux:linux_kernel:2.6.0:test2

cpe:/o:linux:linux_kernel:2.6.0:test3

cpe:/o:linux:linux_kernel:2.6.0:test4

cpe:/o:linux:linux_kernel:2.6.0:test5

cpe:/o:linux:linux_kernel:2.6.0:test6

cpe:/o:linux:linux_kernel:2.6.0:test7

cpe:/o:linux:linux_kernel:2.6.0:test8

cpe:/o:linux:linux_kernel:2.6.0:test9

cpe:/o:linux:linux_kernel:2.6.1

cpe:/o:linux:linux_kernel:2.6.1:rc1

cpe:/o:linux:linux_kernel:2.6.1:rc2

cpe:/o:linux:linux_kernel:2.6.2

cpe:/o:linux:linux_kernel:2.6.3

cpe:/o:linux:linux_kernel:2.6.4

cpe:/o:linux:linux_kernel:2.6.5

cpe:/o:linux:linux_kernel:2.6.6

cpe:/o:linux:linux_kernel:2.6.6:rc1

cpe:/o:linux:linux_kernel:2.6.7

cpe:/o:linux:linux_kernel:2.6.7:rc1

cpe:/o:linux:linux_kernel:2.6.8:rc1

cpe:/o:linux:linux_kernel:2.6.8:rc2

cpe:/o:linux:linux_kernel:2.6.8:rc3

cpe:/o:linux:linux_kernel:2.6_test9_cvs

cpe:/o:ubuntu:ubuntu_linux:4.1::ia64

cpe:/o:ubuntu:ubuntu_linux:4.1::ppc


Search
Impact
Low
CVSS Score
1.2
Created
2004-12-23 00:00:00
Modified
2017-10-10 21:29:34

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be