Candidate: CVE-2004-0136 References: REDHAT:RHSA-2004:549 URL:http://www.redhat.com/support/errata/RHSA-2004-549.html SGI:20040601-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc XF:irix-mapelf32exec-dos(16416) URL:http://xforce.iss.net/xforce/xfdb/16416 BID:10547 URL:http://www.securityfocus.com/bid/10547 Description: The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary." Notes: Strange description, but I think this is actually a Linux issue; note the RedHat URLs above. dannf> I think I've traced this issue back to a flawed bug report, and that dannf> this is really CAN-2004-0138. + mitre references a RedHat advisory for this, RHSA-2004:504-13 + RHSA-2004:504-13 does in fact reference CVE-2004-0136 + RedHat notes that their fixed src.rpm is kernel-2.4.18-e.52.src.rpm + The changelog in the spec file in the above .src.rpm contains the following entry: * Tue Nov 16 2004 Jim Paradis - Fixes for security holes in binfmt_elf loader (Dave Anderson, Jim Paradis), bugs 127916, 134876 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127916 references CVE-2004-0136, but the patches it links to are the fixes for CVE-2004-0138 jmm> Red Hat accidentally used CVE-2004-0138 for this in an advisory, pulling jmm> over the entries from it jmm> I've verified that the fix from jmm> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4021346f79nBb-4X_usRikR3Iyb4Vg jmm> is included in 2.6.8, thus marking 2.6.8 and linux-2.6 N/A Bugs: upstream: released (2.4.25-rc1) linux-2.6: N/A 2.6.8-sarge-security: N/A 2.4.27-sarge-security: N/A 2.4.19-woody-security: released (2.4.19-4.woody3) 2.4.18-woody-security: released (2.4.18-14.4) 2.4.17-woody-security: released (2.4.17-1woody4) 2.4.16-woody-security: released (2.4.16-1woody3) 2.4.17-woody-security-hppa: released (32.5) 2.4.17-woody-security-ia64: released (011226.18) 2.4.18-woody-security-hppa: released (62.4)