CVE-2004-0109

NameCVE-2004-0109
DescriptionBuffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-479, DSA-480, DSA-481, DSA-482, DSA-489, DSA-491, DSA-495
NVD severitymedium (attack range: local)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kernel-image-2.4.16-lartsourcewoody20040419mediumDSA-495
kernel-image-2.4.16-netwindersourcewoody20040419mediumDSA-495
kernel-image-2.4.16-riscpcsourcewoody20040419mediumDSA-495
kernel-image-2.4.17-hppasourcewoody32.4mediumDSA-480
kernel-image-2.4.17-ia64sourcewoody011226.17mediumDSA-481
kernel-image-2.4.17-s390sourcewoody2.4.17-2.woody.4mediumDSA-482
kernel-image-2.4.18-1-alphasourcewoody2.4.18-15mediumDSA-479
kernel-image-2.4.18-1-i386sourcewoody2.4.18-13mediumDSA-479
kernel-image-2.4.18-hppasourcewoody62.3mediumDSA-480
kernel-image-2.4.18-i386bfsourcewoody2.4.18-5woody8mediumDSA-479
kernel-patch-2.4.16-armsourcewoody20040419mediumDSA-495
kernel-patch-2.4.17-apussourcewoody2.4.17-5mediumDSA-482
kernel-patch-2.4.17-mipssourcewoody2.4.17-0.020226.2.woody6mediumDSA-489
kernel-patch-2.4.17-mipselsourcewoody2.4.17-0.020226.2.woody6mediumDSA-489
kernel-patch-2.4.17-s390sourcewoody2.4.17-2.woody.4mediumDSA-482
kernel-patch-2.4.18-powerpcsourcewoody2.4.18-1woody5mediumDSA-479
kernel-patch-2.4.19-mipssourcewoody2.4.19-0.020911.1.woody4mediumDSA-491
kernel-source-2.4.16sourcewoody2.4.16-1woody2mediumDSA-495
kernel-source-2.4.17sourcewoody2.4.17-1woody3mediumDSA-489
kernel-source-2.4.18sourcewoody2.4.18-14.3mediumDSA-479
kernel-source-2.4.19sourcewoody2.4.19-4.woody2mediumDSA-491
kernel-source-2.4.27source(unstable)(not affected)
linux-2.6source(unstable)(not affected)

Notes

- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)

Search for package or bug name: Reporting problems