1. Home
  2. CVE Database
  3. CVE-2004-1072
HIGH · 7.2

CVE-2004-1072

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than...

Vulnerability Description

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
LinuxLinux Kernel2.4.0
RedhatEnterprise Linux2.1
RedhatEnterprise Linux Desktop3.0
RedhatFedora Corecore_2.0
RedhatLinux Advanced Workstation2.1
SuseSuse Linux1.0
TrustixSecure Linux1.5
TurbolinuxTurbolinux Server10.0

References

FAQ

What is CVE-2004-1072?

CVE-2004-1072 is a vulnerability with a CVSS score of 7.2 (HIGH). The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than...

How severe is CVE-2004-1072?

CVE-2004-1072 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-1072?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Fedora Core, Redhat Linux Advanced Workstation.