1. CVE-Search
  2. CVE-2004-0554
ID CVE-2004-0554
Summary Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
References
Vulnerable Configurations
  • cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
    cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.4.26:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.4.26:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*
    cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*
  • cpe:2.3:a:suse:suse_email_server:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_email_server:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_email_server:iii:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_office_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_office_server:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2004-10-06T12:00:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
    family unix
    id oval:org.mitre.oval:def:2915
    status accepted
    submitted 2004-09-02T12:10:00.000-04:00
    title Linux Kernel Denial of Service Vulnerability via fsave and frstor Instructions
    version 4
  • accepted 2013-04-29T04:19:20.509-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
    family unix
    id oval:org.mitre.oval:def:9426
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
    version 29
redhat via4
advisories
  • rhsa
    id RHSA-2004:255
  • rhsa
    id RHSA-2004:260
rpms
  • kernel-0:2.4.21-15.0.2.EL
  • kernel-BOOT-0:2.4.21-15.0.2.EL
  • kernel-debuginfo-0:2.4.21-15.0.2.EL
  • kernel-doc-0:2.4.21-15.0.2.EL
  • kernel-hugemem-0:2.4.21-15.0.2.EL
  • kernel-hugemem-unsupported-0:2.4.21-15.0.2.EL
  • kernel-smp-0:2.4.21-15.0.2.EL
  • kernel-smp-unsupported-0:2.4.21-15.0.2.EL
  • kernel-source-0:2.4.21-15.0.2.EL
  • kernel-unsupported-0:2.4.21-15.0.2.EL
refmap via4
bid 10538
bugtraq 20040620 TSSA-2004-011 - kernel
cert-vn VU#973654
conectiva CLA-2004:845
debian
  • DSA-1067
  • DSA-1069
  • DSA-1070
  • DSA-1082
engarde ESA-20040621-005
fedora FEDORA-2004-186
gentoo GLSA-200407-02
mandrake MDKSA-2004:062
misc
mlist [linux-kernel] 20040609 timer + fpu stuff locks my console race
secunia
  • 20162
  • 20163
  • 20202
  • 20338
suse SuSE-SA:2004:017
trustix 2004-0034
xf linux-dos(16412)
Last major update 11-10-2017 - 01:29
Published 06-08-2004 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top