SecurityTracker.com
Category:  OS (Linux)  >  Linux Kernel
Vendors:  kernel.org
Linux Kernel panic() Buffer Overflow Has Unspecified Impact
SecurityTracker Alert ID:  1009931
SecurityTracker URL:  http://securitytracker.com/id?1009931
CVE Reference:  CAN-2004-0394
Date:  Apr 23 2004
Impact:  Not specified
Vendor Confirmed:  Yes  
Version(s): 2.4, 2.6
Description:  A buffer overflow vulnerability was reported in the Linux Kernel in the panic() function. The impact was not specified.

Red Hat reported that there is a potential buffer overflow in the Linux kernel in the panic() function. According to the report, the flaw is unlikely to be exploitable because the function does not return.

Shaun Colley is credited with discovering this flaw.

Impact:  The impact was not specified.
Solution:  No solution was available at the time of this entry.

[See the Message History for separate alerts regarding fixes from individual Linux distribution vendors.]

Vendor URL:  www.kernel.org/
Cause:  Boundary error
Underlying OS:  Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Xandros)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 27 2004 (Mandrake Issues Fix) Linux Kernel panic() Buffer Overflow Has Unspecified Impact   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
May 1 2004 (Engarde Issues Fix) Linux Kernel panic() Buffer Overflow Has Unspecified Impact   (engarde-announce-admins@guardiandigital.com)
Guardian Digital has released a fix for EnGarde.
May 1 2004 (Slackware Issues Fix) Linux Kernel panic() Buffer Overflow Has Unspecified Impact   (Slackware Security Team <security@slackware.com>)
Slackware has released a fix.
May 4 2004 (SuSE Issues Fix) Linux Kernel panic() Buffer Overflow Has Unspecified Impact   (Roman Drahtmueller <draht@suse.de>)
SuSE has released a fix.
Dec 30 2004 (Conectiva Issues Fix) Linux Kernel panic() Buffer Overflow Has Unspecified Impact   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.



 Source Message Contents

Date:  Fri, 23 Apr 2004 13:11:35 -0400
Subject:  CAN-2004-0394

 

CVE: CAN-2004-0394

Red Hat reported that there is a potential buffer overflow in the Linux kernel in the 
panic() function.  According to the report, the flaw is unlikely to be exploitable because 
the function does not return.

Shaun Colley is credited with discovering this flaw.


 



Copyright 2004, SecurityGlobal.net LLC