CVE - CVE-2004-0427

CVE-ID
CVE-2004-0427	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:10221 URL:http://www.securityfocus.com/bid/10221 CIAC:O-164 URL:http://www.ciac.org/ciac/bulletins/o-164.shtml CONECTIVA:CLA-2004:846 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 DEBIAN:DSA-1067 URL:http://www.debian.org/security/2006/dsa-1067 DEBIAN:DSA-1069 URL:http://www.debian.org/security/2006/dsa-1069 DEBIAN:DSA-1070 URL:http://www.debian.org/security/2006/dsa-1070 DEBIAN:DSA-1082 URL:http://www.debian.org/security/2006/dsa-1082 ENGARDE:ESA-20040428-004 FEDORA:FEDORA-2004-111 URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml GENTOO:GLSA-200407-02 URL:http://security.gentoo.org/glsa/glsa-200407-02.xml MANDRAKE:MDKSA-2004:037 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2004:037 MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak URL:http://marc.info/?l=linux-kernel&m=108139073506983&w=2 OVAL:oval:org.mitre.oval:def:10297 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10297 OVAL:oval:org.mitre.oval:def:2819 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2819 REDHAT:RHSA-2004:255 URL:http://www.redhat.com/support/errata/RHSA-2004-255.html REDHAT:RHSA-2004:260 URL:http://www.redhat.com/support/errata/RHSA-2004-260.html REDHAT:RHSA-2004:327 URL:http://www.redhat.com/support/errata/RHSA-2004-327.html SECUNIA:11429 URL:http://secunia.com/advisories/11429 SECUNIA:11464 URL:http://secunia.com/advisories/11464 SECUNIA:11486 URL:http://secunia.com/advisories/11486 SECUNIA:11541 URL:http://secunia.com/advisories/11541 SECUNIA:11861 URL:http://secunia.com/advisories/11861 SECUNIA:11891 URL:http://secunia.com/advisories/11891 SECUNIA:11892 URL:http://secunia.com/advisories/11892 SECUNIA:20162 URL:http://secunia.com/advisories/20162 SECUNIA:20163 URL:http://secunia.com/advisories/20163 SECUNIA:20202 URL:http://secunia.com/advisories/20202 SECUNIA:20338 URL:http://secunia.com/advisories/20338 SGI:20040504-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc SGI:20040505-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc SUSE:SuSE-SA:2004:010 URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html TURBO:TLSA-2004-14 URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt XF:linux-dofork-memory-leak(16002) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/16002
Assigning CNA
MITRE Corporation
Date Record Created
20040429	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20040429)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)