Vulnerability Description
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mandrakesoft | Mandrake Multi Network Firewall | 8.2 |
| Suse | Suse Email Server | 3.1 |
| Suse | Suse Linux Admin-Cd For Firewall | All versions |
| Suse | Suse Linux Connectivity Server | All versions |
| Suse | Suse Linux Database Server | All versions |
| Suse | Suse Linux Firewall Cd | All versions |
| Suse | Suse Linux Firewall Live-Cd | All versions |
| Suse | Suse Linux Office Server | All versions |
| Suse | Suse Office Server | All versions |
| Conectiva | Linux | 8.0 |
| Engardelinux | Secure Community | 2.0 |
| Engardelinux | Secure Linux | 1.5 |
| Gentoo | Linux | 1.4 |
| Linux | Linux Kernel | 2.4.0 |
| Mandrakesoft | Mandrake Linux | 9.1 |
| Mandrakesoft | Mandrake Linux Corporate Server | 2.1 |
| Suse | Suse Linux | 7 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
- http://lwn.net/Articles/91155/
- http://security.gentoo.org/glsa/glsa-200407-02.xml (Vendor Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:062
- http://www.novell.com/linux/security/advisories/2004_20_kernel.html
- http://www.redhat.com/support/errata/RHSA-2004-413.html (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2004-418.html
- http://www.securityfocus.com/bid/10352 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16159
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2004-0535?
CVE-2004-0535 is a vulnerability with a CVSS score of 2.1 (LOW). The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally i...
How severe is CVE-2004-0535?
CVE-2004-0535 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0535?
Check the references section above for vendor advisories and patch information. Affected products include: Mandrakesoft Mandrake Multi Network Firewall, Suse Suse Email Server, Suse Suse Linux Admin-Cd For Firewall, Suse Suse Linux Connectivity Server, Suse Suse Linux Database Server.