CVE-2004-0177 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0177
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0177

Description: The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/15867 TRUSTIX http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2 REDHAT http://www.redhat.com/support/errata/RHSA-2004-505.html http://www.redhat.com/support/errata/RHSA-2005-293.html http://www.redhat.com/support/errata/RHSA-2004-504.html http://rhn.redhat.com/errata/RHSA-2004-166.html MISC http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ MANDRAKE http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029 GENTOO http://security.gentoo.org/glsa/glsa-200407-02.xml FEDORA ENGARDE http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html DEBIAN http://www.debian.org/security/2004/dsa-495 http://www.debian.org/security/2004/dsa-491 http://www.debian.org/security/2004/dsa-489 http://www.debian.org/security/2004/dsa-482 http://www.debian.org/security/2004/dsa-481 http://www.debian.org/security/2004/dsa-480 http://www.debian.org/security/2004/dsa-479 CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 CIAC http://www.ciac.org/ciac/bulletins/o-127.shtml http://www.ciac.org/ciac/bulletins/o-126.shtml http://www.ciac.org/ciac/bulletins/o-121.shtml BID 10152

Return to the previous page.