Vulnerability in Avaya Converged_communications_server
CVE-2004-1235
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.4.29-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
EPSS: 0.029 (85.1th percentile)
Affected products
- Avaya Converged_communications_server — versions 2.0
- Avaya Intuity_audix
- Avaya Mn100
- Avaya Modular_messaging_message_storage_server — versions 1.1, 2.0
- Avaya Network_routing
- Avaya S8300 — versions r2.0.0, r2.0.1
- Avaya S8500 — versions r2.0.0, r2.0.1
- Avaya S8700 — versions r2.0.0, r2.0.1
- Avaya S8710 — versions r2.0.0, r2.0.1
- Conectiva Linux — versions 10.0
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2004-1235?
- CVE-2004-1235 is a vulnerability in Avaya Converged_communications_server. Published 2005-04-14.
- Is CVE-2004-1235 known to be exploited?
- 41 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.