Contents of /retired/CVE-2004-0427

Candidate: CVE-2004-0427
References: 
 MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak
 URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2
 CONECTIVA:CLA-2004:846
 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
 ENGARDE:ESA-20040428-004
 FEDORA:FEDORA-2004-111
 URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml
 GENTOO:GLSA-200407-02
 URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
 MANDRAKE:MDKSA-2004:037
 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
 REDHAT:RHSA-2004:255
 URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
 REDHAT:RHSA-2004:260
 URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
 REDHAT:RHSA-2004:327
 URL:http://www.redhat.com/support/errata/RHSA-2004-327.html
 SGI:20040504-01-U
 URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
 SGI:20040505-01-U
 URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
 SUSE:SuSE-SA:2004:010
 URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
 TURBO:TLSA-2004-14
 URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
 MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA
 MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A
 CIAC:O-164
 URL:http://www.ciac.org/ciac/bulletins/o-164.shtml
 BID:10221
 URL:http://www.securityfocus.com/bid/10221
 SECUNIA:11429
 URL:http://secunia.com/advisories/11429
 SECUNIA:11464
 URL:http://secunia.com/advisories/11464
 SECUNIA:11486
 URL:http://secunia.com/advisories/11486
 SECUNIA:11541
 URL:http://secunia.com/advisories/11541
 SECUNIA:11861
 URL:http://secunia.com/advisories/11861
 SECUNIA:11891
 URL:http://secunia.com/advisories/11891
 SECUNIA:11892
 URL:http://secunia.com/advisories/11892
 OVAL:OVAL2819
 URL:http://oval.mitre.org/oval/definitions/data/oval2819.html
 XF:linux-dofork-memory-leak(16002)
 URL:http://xforce.iss.net/xforce/xfdb/16002 
Description: 
 The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6,
 does not properly decrement the mm_count counter when an error occurs after
 the mm_struct for a child process has been activated, which triggers a memory
 leak that allows local users to cause a denial of service (memory exhaustion)
 via the clone (CLONE_VM) system call.
Notes: 
Bugs: 
upstream: released (2.4.26, 2.6.6)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-14.4)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.18)
2.4.18-woody-security-hppa: released (62.4)
1	Candidate: CVE-2004-0427
2	References:
3	MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak
4	URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2
5	CONECTIVA:CLA-2004:846
6	URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
7	ENGARDE:ESA-20040428-004
8	FEDORA:FEDORA-2004-111
9	URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml
10	GENTOO:GLSA-200407-02
11	URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
12	MANDRAKE:MDKSA-2004:037
13	URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
14	REDHAT:RHSA-2004:255
15	URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
16	REDHAT:RHSA-2004:260
17	URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
18	REDHAT:RHSA-2004:327
19	URL:http://www.redhat.com/support/errata/RHSA-2004-327.html
20	SGI:20040504-01-U
21	URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
22	SGI:20040505-01-U
23	URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
24	SUSE:SuSE-SA:2004:010
25	URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
26	TURBO:TLSA-2004-14
27	URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
28	MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA
29	MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A
30	CIAC:O-164
31	URL:http://www.ciac.org/ciac/bulletins/o-164.shtml
32	BID:10221
33	URL:http://www.securityfocus.com/bid/10221
34	SECUNIA:11429
35	URL:http://secunia.com/advisories/11429
36	SECUNIA:11464
37	URL:http://secunia.com/advisories/11464
38	SECUNIA:11486
39	URL:http://secunia.com/advisories/11486
40	SECUNIA:11541
41	URL:http://secunia.com/advisories/11541
42	SECUNIA:11861
43	URL:http://secunia.com/advisories/11861
44	SECUNIA:11891
45	URL:http://secunia.com/advisories/11891
46	SECUNIA:11892
47	URL:http://secunia.com/advisories/11892
48	OVAL:OVAL2819
49	URL:http://oval.mitre.org/oval/definitions/data/oval2819.html
50	XF:linux-dofork-memory-leak(16002)
51	URL:http://xforce.iss.net/xforce/xfdb/16002
52	Description:
53	The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6,
54	does not properly decrement the mm_count counter when an error occurs after
55	the mm_struct for a child process has been activated, which triggers a memory
56	leak that allows local users to cause a denial of service (memory exhaustion)
57	via the clone (CLONE_VM) system call.
58	Notes:
59	Bugs:
60	upstream: released (2.4.26, 2.6.6)
61	linux-2.6: N/A
62	2.6.8-sarge-security: N/A
63	2.4.27-sarge-security: N/A
64	2.4.19-woody-security: released (2.4.19-4.woody3)
65	2.4.18-woody-security: released (2.4.18-14.4)
66	2.4.17-woody-security: released (2.4.17-1woody4)
67	2.4.16-woody-security: released (2.4.16-1woody3)
68	2.4.17-woody-security-hppa: released (32.5)
69	2.4.17-woody-security-ia64: released (011226.18)
70	2.4.18-woody-security-hppa: released (62.4)