CVE-2004-0001 - Unspecified vulnerability in Linux Kernel 2.6.20.1

CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, low complexity, linux, nessus

Summary

Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.

Vulnerable Configurations

Part  Description  Count
OS    Linux        1

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-063.NASL
    description:
      - Mon Jan 26 2004 Dave Jones <davej at redhat.com>
        - Fix error in wan config files that broke some configurators.
        - Reenable VIA DRI.
      - Fri Jan 16 2004 Dave Jones <davej at redhat.com>
        - Merge VM updates from post 2.4.22
        - Fix AMD64 ptrace security hole. (CVE-2004-0001)
        - Fix NPTL SMP hang.
        - Merge bits from 2.4.25pre
        - R128 DRI limits checking. (CVE-2004-0003)
        - Various ymfpci fixes.
        - tmpfs readdir does not update dir atime
        - Minor IPV4/Netfilter changes.
        - Fix userspace dereferencing bug in USB Vicam driver.
        - Merge a few more bits from 2.4.23pre
        - Numerous tmpfs fixes.
        - Use list_add_tail in buffer_insert_list
        - Correctly dequeue SIGSTOP signals in kupdated
        - Update laptop-mode patch to match mainline.
      - Wed Jan 14 2004 Dave Jones <davej at redhat.com>
        - Merge a few more missing netfilter fixes from upstream.
      - Tue Jan 13 2004 Dave Jones <davej at redhat.com>
        - Reenable Tux.
        - Lots of updates from the 2.4.23 era.
      - Mon Jan 12 2004 Dave Jones <davej at redhat.com>
        - Avoid deadlocks in USB storage.
      - Fri Jan 09 2004 Dave Jones <davej at redhat.com>
        - Fix thread creation race.
      - Thu Jan 08 2004 Dave Jones <davej at redhat.com>
        - USB storage: Make Pentax Optio S4 work
        - Config file tweaking. Only enable CONFIG_SIBLINGS_2 on the kernels that need it.
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13675
    published: 2004-07-23
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13675
    title: Fedora Core 1 : kernel-2.4.22-1.2166.nptl (2004-063)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2004-063.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13675);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_xref(name:"FEDORA", value:"2004-063");
    
      script_name(english:"Fedora Core 1 : kernel-2.4.22-1.2166.nptl (2004-063)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "  - Mon Jan 26 2004 Dave Jones <davej at redhat.com>
    
        - Fix error in wan config files that broke some
          configurators.
    
        - Reenable VIA DRI.
    
      - Fri Jan 16 2004 Dave Jones <davej at redhat.com>
    
        - Merge VM updates from post 2.4.22
    
        - Fix AMD64 ptrace security hole. (CVE-2004-0001)
    
        - Fix NPTL SMP hang.
    
        - Merge bits from 2.4.25pre
    
        - R128 DRI limits checking. (CVE-2004-0003)
    
        - Various ymfpci fixes.
    
        - tmpfs readdir does not update dir atime
    
        - Minor IPV4/Netfilter changes.
    
        - Fix userspace dereferencing bug in USB Vicam driver.
    
        - Merge a few more bits from 2.4.23pre
    
        - Numerous tmpfs fixes.
    
        - Use list_add_tail in buffer_insert_list
    
        - Correctly dequeue SIGSTOP signals in kupdated
    
        - Update laptop-mode patch to match mainline.
    
      - Wed Jan 14 2004 Dave Jones <davej at redhat.com>
    
        - Merge a few more missing netfilter fixes from
          upstream.
    
      - Tue Jan 13 2004 Dave Jones <davej at redhat.com>
    
        - Reenable Tux.
    
        - Lots of updates from the 2.4.23 era.
    
      - Mon Jan 12 2004 Dave Jones <davej at redhat.com>
    
        - Avoid deadlocks in USB storage.
    
      - Fri Jan 09 2004 Dave Jones <davej at redhat.com>
    
        - Fix thread creation race.
    
      - Thu Jan 08 2004 Dave Jones <davej at redhat.com>
    
        - USB storage: Make Pentax Optio S4 work
    
        - Config file tweaking. Only enable CONFIG_SIBLINGS_2 on
          the kernels that need it.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-February/000055.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?27d8f9ee"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-source");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 1.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"kernel-2.4.22-1.2166.nptl")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"kernel-BOOT-2.4.22-1.2166.nptl")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"kernel-debuginfo-2.4.22-1.2166.nptl")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"kernel-doc-2.4.22-1.2166.nptl")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"kernel-smp-2.4.22-1.2166.nptl")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"kernel-source-2.4.22-1.2166.nptl")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-debuginfo / kernel-doc / kernel-smp / etc");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200402-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200402-06 (Updated kernel packages fix the AMD64 ptrace vulnerability). A vulnerability has been discovered by Andi Kleen in the ptrace emulation code for AMD64 platforms when eflags are processed, allowing a local user to obtain elevated privileges. The Common Vulnerabilities and Exposures project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue.
      Impact: Only users of the AMD64 platform are affected: in this scenario, a user may be able to obtain elevated privileges, including root access. However, no public exploit is known for the vulnerability at this time.
      Workaround: There is no temporary workaround - a kernel upgrade is required. A list of unaffected kernels is provided along with this announcement.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14450
    published: 2004-08-30
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14450
    title: GLSA-200402-06 : Updated kernel packages fix the AMD64 ptrace vulnerability
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200402-06.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14450);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      script_xref(name:"GLSA", value:"200402-06");
    
      script_name(english:"GLSA-200402-06 : Updated kernel packages fix the AMD64 ptrace vulnerability");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is affected by the vulnerability described in GLSA-200402-06
    (Updated kernel packages fix the AMD64 ptrace vulnerability)
    
        A vulnerability has been discovered by Andi Kleen in the ptrace emulation
        code for AMD64 platforms when eflags are processed, allowing a local user
        to obtain elevated privileges.  The Common Vulnerabilities and Exposures
        project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue.
      
    Impact :
    
        Only users of the AMD64 platform are affected: in this scenario, a user may
        be able to obtain elevated privileges, including root access. However, no
        public exploit is known for the vulnerability at this time.
      
    Workaround :
    
        There is no temporary workaround - a kernel upgrade is required. A list of
        unaffected kernels is provided along with this announcement."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200402-06"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Users are encouraged to upgrade to the latest available sources for
        their system:
        # emerge sync
        # emerge -pv your-favourite-sources
        # emerge your-favourite-sources
        # # Follow usual procedure for compiling and installing a kernel.
        # # If you use genkernel, run genkernel as you would do normally.
        # # IF YOUR KERNEL IS MARKED as 'remerge required!' THEN
        # # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
        # # REPORTS THAT THE SAME VERSION IS INSTALLED."
      );
      script_set_attribute(attribute:"risk_factor", value:"Medium");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ck-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:development-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gentoo-dev-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gentoo-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gentoo-test-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gs-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vanilla-prepatch-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vanilla-sources");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list", "Host/Gentoo/arch");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    ourarch = get_kb_item("Host/Gentoo/arch");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(amd64)$") audit(AUDIT_ARCH_NOT, "amd64", ourarch);
    
    flag = 0;
    
    if (qpkg_check(package:"sys-kernel/development-sources", arch:"amd64", unaffected:make_list("ge 2.6.2"), vulnerable:make_list("lt 2.6.2"))) flag++;
    if (qpkg_check(package:"sys-kernel/gentoo-dev-sources", arch:"amd64", unaffected:make_list("ge 2.6.2"), vulnerable:make_list("lt 2.6.2"))) flag++;
    if (qpkg_check(package:"sys-kernel/vanilla-prepatch-sources", arch:"amd64", unaffected:make_list("ge 2.4.25_rc3"), vulnerable:make_list("lt 2.4.25_rc3"))) flag++;
    if (qpkg_check(package:"sys-kernel/gentoo-test-sources", arch:"amd64", unaffected:make_list("ge 2.6.2-r1"), vulnerable:make_list("lt 2.6.2"))) flag++;
    if (qpkg_check(package:"sys-kernel/vanilla-sources", arch:"amd64", unaffected:make_list("ge 2.4.24-r1"), vulnerable:make_list("lt 2.4.24-r1"))) flag++;
    if (qpkg_check(package:"sys-kernel/gentoo-sources", arch:"amd64", unaffected:make_list("ge 2.4.22-r6"), vulnerable:make_list("lt 2.4.22-r6"))) flag++;
    if (qpkg_check(package:"sys-kernel/gs-sources", arch:"amd64", unaffected:make_list("ge 2.4.25_pre7-r1"), vulnerable:make_list("lt 2.4.25_pre7-r1"))) flag++;
    if (qpkg_check(package:"sys-kernel/ck-sources", arch:"amd64", unaffected:make_list("ge 2.6.2"), vulnerable:make_list("lt 2.6.2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sys-kernel/development-sources / sys-kernel/gentoo-dev-sources / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-017.NASL
    description: Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the first regular update.
      The Linux kernel handles the basic functions of the operating system. This is the first regular kernel update for Red Hat Enterprise Linux version 3. It contains a new critical security fix, many other bug fixes, several device driver updates, and numerous performance and scalability enhancements.
      On AMD64 systems, a fix was made to the eflags checking in 32-bit ptrace emulation that could have allowed local users to elevate their privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0001 to this issue.
      Other bug fixes were made in the following kernel areas: VM, NPTL, IPC, kernel timer, ext3, NFS, netdump, SCSI, ACPI, several device drivers, and machine-dependent support for the x86_64, ppc64, and s390 architectures.
      The VM subsystem was improved to better handle extreme loads and resource contention (such as might occur during heavy database application usage). This has resulted in a significantly reduced possibility of hangs, OOM kills, and low-mem exhaustion.
      Several NPTL fixes were made to resolve POSIX compliance issues concerning process IDs and thread IDs. A section in the Release Notes elaborates on a related issue with file record locking in multi-threaded applications.
      AMD64 kernels are now configured with NUMA support, S390 kernels now have CONFIG_BLK_STATS enabled, and DMA capability was restored in the IA64 agpgart driver.
      The following drivers have been upgraded to new versions:
        cmpci ------ 6.36
        e100 ------- 2.3.30-k1
        e1000 ------ 5.2.20-k1
        ips -------- 6.10.52
        megaraid --- v1.18k
        megaraid2 -- v2.00.9
      All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12451
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12451
    title: RHEL 3 : kernel (RHSA-2004:017)

Oval

accepted: 2004-06-16T12:00:00.000-04:00
class: vulnerability
contributors
  • name: Matt Busby
    organization: The MITRE Corporation
description: Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
family: unix
id: oval:org.mitre.oval:def:868
status: accepted
submitted: 2004-03-20T12:00:00.000-04:00
title: Linux Kernel eflags Checking Privilege Escalation Vulnerability
version: 36

Redhat

advisories
rhsa
id: RHSA-2004:017
rpms
  • kernel-0:2.4.21-9.EL
  • kernel-BOOT-0:2.4.21-9.EL
  • kernel-debuginfo-0:2.4.21-9.EL
  • kernel-doc-0:2.4.21-9.EL
  • kernel-hugemem-0:2.4.21-9.EL
  • kernel-hugemem-unsupported-0:2.4.21-9.EL
  • kernel-smp-0:2.4.21-9.EL
  • kernel-smp-unsupported-0:2.4.21-9.EL
  • kernel-source-0:2.4.21-9.EL
  • kernel-unsupported-0:2.4.21-9.EL