|
Linux Kernel File Systems Information Leak and Denial of Service
|
|
|
|
|
Secunia Advisory:
|
SA11362
|
|
|
Release Date:
|
2004-04-15
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Exposure of sensitive information
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Linux Kernel 2.4.x
Linux Kernel 2.6.x
|
|
| | CVE reference: | CVE-2004-0133 (Secunia mirror)
CVE-2004-0177 (Secunia mirror)
CVE-2004-0178 (Secunia mirror)
CVE-2004-0181 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Multiple vulnerabilities have reportedly been fixed in the latest kernel releases. These may allow malicious, local users to cause a DoS (Denial of Service) or gain knowledge of sensitive information.
1-3) Information leaks within the ext3, XFS, and JFS file system code may expose sensitive data (e.g. cryptographic keys) to malicious, local users, who are able to read the raw device.
4) An error within the OSS code for SoundBlaster 16 devices may cause a DoS when submitting an odd number of output bytes. This is an older vulnerability, which was first reported in June 2002.
Solution:
The vulnerabilities have reportedly been fixed in Linux kernel versions 2.4.26 and 2.6.6-rc1.
http://kernel.org/
Grant only trusted users access to affected systems.
Provided and/or discovered by:
1-3) Solar Designer
4) Originally discovered by Andreas Mohr.
Original Advisory:
Sound Blaster DoS:
http://www.uwsg.iu.edu/hypermail/linux/kernel/0206.0/0087.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
183 Related Secunia Security Advisories, displaying 10
|
|
|
1. Linux Kernel LDT Buffer Size Handling Vulnerability
|
|
2. Linux Kernel Multiple Vulnerabilities
|
|
3. Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability
|
|
4. Linux Kernel ASN.1 BER Decoding Vulnerability
|
|
5. Linux Kernel Denial of Service Vulnerabilities
|
|
6. Linux Kernel Unspecified Vulnerability
|
|
7. Linux Kernel Multiple Vulnerabilities
|
|
8. Linux Kernel Multiple Vulnerabilities
|
|
9. Linux Kernel "fcntl_setlk()" SMP Reordered Access Vulnerability
|
|
10. Linux Kernel Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
