CVE-2004-2731

Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.15	2.4.15
Linux_kernel	Linux	2.4.30	2.4.30
Linux_kernel	Linux	2.4.35.2	2.4.35.2
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.6.5	2.6.5
Linux_kernel	Linux	2.4.11	2.4.11
Linux_kernel	Linux	2.6.1	2.6.1
Linux_kernel	Linux	2.4.32	2.4.32
Linux_kernel	Linux	2.4.33	2.4.33
Linux_kernel	Linux	2.4.27	2.4.27
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.9_pre5	2.4.9_pre5
Linux_kernel	Linux	2.4.11	2.4.11
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.26	2.4.26
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.19	2.4.19
Linux_kernel	Linux	2.4.21	2.4.21
Linux_kernel	Linux	2.4.27	2.4.27
Linux_kernel	Linux	2.4.12	2.4.12
Linux_kernel	Linux	2.4.13	2.4.13
Linux_kernel	Linux	2.4.19	2.4.19
Linux_kernel	Linux	2.6.3	2.6.3
Linux_kernel	Linux	2.4.17	2.4.17
Linux_kernel	Linux	2.6.4	2.6.4
Linux_kernel	Linux	2.4.33.2	2.4.33.2
Linux_kernel	Linux	2.4.21	2.4.21
Linux_kernel	Linux	2.4.21	2.4.21
Linux_kernel	Linux	2.4.23_ow2	2.4.23_ow2
Linux_kernel	Linux	2.4.22	2.4.22
Linux_kernel	Linux	2.4.23	2.4.23
Linux_kernel	Linux	2.4.29	2.4.29
Linux_kernel	Linux	2.4.32	2.4.32
Linux_kernel	Linux	2.6.2	2.6.2
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.7	2.4.7
Linux_kernel	Linux	2.4.29	2.4.29
Linux_kernel	Linux	2.4.25	2.4.25
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.24	2.4.24
Linux_kernel	Linux	2.4.9	2.4.9
Linux_kernel	Linux	2.4.23	2.4.23
Linux_kernel	Linux	2.4.31	2.4.31
Linux_kernel	Linux	2.4.34	2.4.34
Linux_kernel	Linux	2.4.30	2.4.30
Linux_kernel	Linux	2.4.28	2.4.28
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.6.0	2.6.0
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.24_ow1	2.4.24_ow1
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.19	2.4.19
Linux_kernel	Linux	2.4.10	2.4.10
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.2	2.4.2
Linux_kernel	Linux	2.4.30	2.4.30
Linux_kernel	Linux	2.4.19	2.4.19
Linux_kernel	Linux	2.4.33	2.4.33
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.16	2.4.16
Linux_kernel	Linux	2.4.8	2.4.8
Linux_kernel	Linux	2.4.19	2.4.19
Linux_kernel	Linux	2.4.19	2.4.19
Linux_kernel	Linux	2.4.27	2.4.27
Linux_kernel	Linux	2.4.35	2.4.35
Linux_kernel	Linux	2.4.14	2.4.14
Linux_kernel	Linux	2.4.3	2.4.3
Linux_kernel	Linux	2.4.27	2.4.27
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.33.3	2.4.33.3
Linux_kernel	Linux	2.4.19	2.4.19
Linux_kernel	Linux	2.4.34.1	2.4.34.1
Linux_kernel	Linux	2.4.21	2.4.21
Linux_kernel	Linux	2.4.33.4	2.4.33.4
Linux_kernel	Linux	2.4.22	2.4.22
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.5	2.4.5
Linux_kernel	Linux	2.6.7	2.6.7
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.27	2.4.27
Linux_kernel	Linux	2.4.34	2.4.34
Linux_kernel	Linux	2.4.3	2.4.3
Linux_kernel	Linux	2.4.1	2.4.1
Linux_kernel	Linux	2.4.4	2.4.4
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.4.27	2.4.27
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.6	2.4.6
Linux_kernel	Linux	2.4.34.2	2.4.34.2
Linux_kernel	Linux	2.4.31	2.4.31
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.33.5	2.4.33.5
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.29	2.4.29
Linux_kernel	Linux	2.4.20	2.4.20
Linux_kernel	Linux	2.4.0	2.4.0
Linux_kernel	Linux	2.4.18	2.4.18
Linux_kernel	Linux	2.6.6	2.6.6
Linux_kernel	Linux	2.4.32	2.4.32

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2731
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References