#VU99735 Out-of-bounds read in Linux kernel - CVE-2004-1137
Vulnerability identifier: #VU99735
Vulnerability risk: Low
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
https://isec.pl/vulnerabilities/isec-0018-igmp.txt
https://marc.info/?l=bugtraq&m=110306397320336&w=2
https://www.mandriva.com/security/advisories?name=MDKSA-2005:022
https://www.novell.com/linux/security/advisories/2004_44_kernel.html
https://www.redhat.com/support/errata/RHSA-2005-092.html
https://bugzilla.fedora.us/show_bug.cgi?id=2336
https://exchange.xforce.ibmcloud.com/vulnerabilities/18481
https://exchange.xforce.ibmcloud.com/vulnerabilities/18482
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11144
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
