Ultra Monkey: Kernel Security Bug Database: CAN-2004-0424

Ultra Monkey: High Availability and Load Balancing Solution for Linux

Ultra Monkey: Kernel Security Bug Database

CAN-2004-0424

prev up next
CVE CAN-2004-0424[offsite]
Updated Tue, 25 May 2004 12:53:50 +0900
Summary Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or executee arbitrary code via the MCAST_MSFILTER socket option. (text:CAN-2004-0424)
Priority High
Status Closed
Source RHSA-2004:183-03 FEDORA-2004-111
Link Ultra Monkey News 2004-04-22-00
Resolved In
  Kernel 2.4.26-pre3 (Added in 2.4.22)
  Patch Note patches are additive 2.4.26-pre3 Change Set 1.1302.37.4[offsite] 2.4.26-pre2 Change Set 1.1302.37.1[offsite] 2.4.26-pre1 Change Set 1.1302.16.26[offsite] 2.4.26-pre1 Change Set 1.1302.16.25[offsite] local patch
  Red Hat Linux 7.3
         Vendor (Not Vulnerable < 2.4.22)
         UltraMonkey (Not Vulnerable < 2.4.22)
  Red Hat Linux 8.0
         Vendor (Not Vulnerable < 2.4.22)
         UltraMonkey (Not Vulnerable < 2.4.22)
  Red Hat Linux 9
         Vendor (Not Vulnerable < 2.4.22)
         UltraMonkey (Not Vulnerable < 2.4.22)
  Fedora Core 1
         Vendor kernel-2.4.22-1.2188.nptl
         UltraMonkey kernel-2.4.22-1.2179.nptl.um.2
  Red Hat Enterprise Linux 3
         Vendor kernel-2.4.21-9.0.3.EL
         UltraMonkey kernel-2.4.21-9.0.1.EL.um.3
  Debian Woody
         Vendor Not Vulnerable (< 2.4.22)
         UltraMonkey kernel-source-2.4.22-1-ipvs_2.4.22-7woody.um.2
  Debian Sid
         Vendor kernel-source-2.4.26_2.4.26-1
         UltraMonkey kernel-source-2.4.22-1-ipvs_2.4.22-7.um.2
local data for debugging.
Information provided here is based on the information from the links above and is intended as a refereance only.

Copyright © 2000-2005, Horms
Last Updated: Sat, 04 Mar 2006 02:34:00 -0500

Debian is a registered trademark of Software in the Public Interest, Inc.
Red Hat, the Red Hat Shadowman logo and Fedora are registered trademarks of Red Hat, Inc.
Red Hat may also be refered to as RedHat on this site.
Linux is a registered trademark of Linus Torvalds.
All other trademarks are the property of their respective owners.

prev up next
CVE	CAN-2004-0424[offsite]
Updated	Tue, 25 May 2004 12:53:50 +0900
Summary	Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or executee arbitrary code via the MCAST_MSFILTER socket option. (text:CAN-2004-0424)
Priority	High
Status	Closed
Source	RHSA-2004:183-03 FEDORA-2004-111
Link	Ultra Monkey News 2004-04-22-00
Resolved In
Kernel	2.4.26-pre3 (Added in 2.4.22)
Patch	Note patches are additive 2.4.26-pre3 Change Set 1.1302.37.4[offsite] 2.4.26-pre2 Change Set 1.1302.37.1[offsite] 2.4.26-pre1 Change Set 1.1302.16.26[offsite] 2.4.26-pre1 Change Set 1.1302.16.25[offsite] local patch
Red Hat Linux 7.3
Vendor	(Not Vulnerable < 2.4.22)
UltraMonkey	(Not Vulnerable < 2.4.22)
Red Hat Linux 8.0
Vendor	(Not Vulnerable < 2.4.22)
UltraMonkey	(Not Vulnerable < 2.4.22)
Red Hat Linux 9
Vendor	(Not Vulnerable < 2.4.22)
UltraMonkey	(Not Vulnerable < 2.4.22)
Fedora Core 1
Vendor	kernel-2.4.22-1.2188.nptl
UltraMonkey	kernel-2.4.22-1.2179.nptl.um.2
Red Hat Enterprise Linux 3
Vendor	kernel-2.4.21-9.0.3.EL
UltraMonkey	kernel-2.4.21-9.0.1.EL.um.3
Debian Woody
Vendor	Not Vulnerable (< 2.4.22)
UltraMonkey	kernel-source-2.4.22-1-ipvs_2.4.22-7woody.um.2
Debian Sid
Vendor	kernel-source-2.4.26_2.4.26-1
UltraMonkey	kernel-source-2.4.22-1-ipvs_2.4.22-7.um.2
local data for debugging.
Information provided here is based on the information from the links above and is intended as a refereance only.