Vulnerability Description
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Realtime Linux Security Module | 0.8.7 |
| Conectiva | Linux | 10.0 |
| Ubuntu | Ubuntu Linux | 4.1 |
References
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 (Vendor Advisory)
- http://marc.info/?l=bugtraq&m=110384535113035&w=2
- http://www.securityfocus.com/bid/12093 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18673
FAQ
What is CVE-2004-1337?
CVE-2004-1337 is a vulnerability with a CVSS score of 7.2 (HIGH). The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to ga...
How severe is CVE-2004-1337?
CVE-2004-1337 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1337?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Realtime Linux Security Module, Conectiva Linux, Ubuntu Ubuntu Linux.