CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.

CVSS v2.0 1.2 LOW

1.2^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 1.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/11937	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
http://www.redhat.com/support/errata/RHSA-2006-0190.html
http://www.redhat.com/support/errata/RHSA-2006-0191.html
http://secunia.com/advisories/18684
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
http://secunia.com/advisories/19038
http://www.redhat.com/support/errata/RHSA-2005-293.html
http://www.debian.org/security/2006/dsa-1018
http://secunia.com/advisories/19369
http://www.securityfocus.com/bid/11052
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
http://secunia.com/advisories/19607
http://secunia.com/advisories/21476
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
https://exchange.xforce.ibmcloud.com/vulnerabilities/17151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10427
https://usn.ubuntu.com/38-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:2.6.0:test3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.0:test5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.8:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.8:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.1:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::
	cpe:2.3:o:linux:linux_kernel:2.6.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.0:test2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.7:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test11::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test10::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test9::::::
	cpe:2.3:o:linux:linux_kernel:2.6.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.6:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test7::::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
	cpe:2.3:o:linux:linux_kernel:2.6.8:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.8:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test8::::::
	cpe:2.3:o:linux:linux_kernel:2.6.6:::::::*

Information

Published : 2005-01-09 21:00

Updated : 2018-10-03 14:29

NVD link : CVE-2004-1058

Mitre link : CVE-2004-1058

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ubuntu

ubuntu_linux

linux

linux_kernel

1.2 /10