CVE-2004-0109

NameCVE-2004-0109
DescriptionBuffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-479, DSA-480, DSA-481, DSA-482, DSA-489, DSA-491, DSA-495
NVD severitymedium (attack range: local)
Debian/oldstablenot vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux-2.6 (PTS)squeeze (security), squeeze2.6.32-48squeeze6fixed
squeeze (lts)2.6.32-48squeeze11fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kernel-image-2.4.16-lartsourcewoody20040419mediumDSA-495
kernel-image-2.4.16-netwindersourcewoody20040419mediumDSA-495
kernel-image-2.4.16-riscpcsourcewoody20040419mediumDSA-495
kernel-image-2.4.17-hppasourcewoody32.4mediumDSA-480
kernel-image-2.4.17-ia64sourcewoody011226.17mediumDSA-481
kernel-image-2.4.17-s390sourcewoody2.4.17-2.woody.4mediumDSA-482
kernel-image-2.4.18-1-alphasourcewoody2.4.18-15mediumDSA-479
kernel-image-2.4.18-1-i386sourcewoody2.4.18-13mediumDSA-479
kernel-image-2.4.18-hppasourcewoody62.3mediumDSA-480
kernel-image-2.4.18-i386bfsourcewoody2.4.18-5woody8mediumDSA-479
kernel-patch-2.4.16-armsourcewoody20040419mediumDSA-495
kernel-patch-2.4.17-apussourcewoody2.4.17-5mediumDSA-482
kernel-patch-2.4.17-mipssourcewoody2.4.17-0.020226.2.woody6mediumDSA-489
kernel-patch-2.4.17-mipselsourcewoody2.4.17-0.020226.2.woody6mediumDSA-489
kernel-patch-2.4.17-s390sourcewoody2.4.17-2.woody.4mediumDSA-482
kernel-patch-2.4.18-powerpcsourcewoody2.4.18-1woody5mediumDSA-479
kernel-patch-2.4.19-mipssourcewoody2.4.19-0.020911.1.woody4mediumDSA-491
kernel-source-2.4.16sourcewoody2.4.16-1woody2mediumDSA-495
kernel-source-2.4.17sourcewoody2.4.17-1woody3mediumDSA-489
kernel-source-2.4.18sourcewoody2.4.18-14.3mediumDSA-479
kernel-source-2.4.19sourcewoody2.4.19-4.woody2mediumDSA-491
kernel-source-2.4.27source(unstable)(not affected)
linux-2.6source(unstable)(not affected)

Notes

- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)

Search for package or bug name: Reporting problems