Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.6
CVE Id: CVE-2003-0956
Last Modified: 05 Sep 2008 04:35:39
Published: 31 Dec 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE

CVE-2003-0956

Summary

Multiple race conditions in the handling of O_DIRECT in the Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users. This is a different vulnerability than CVE-2003-0018.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.22


References

CONFIRM - http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg

XF - linux-kernel-odirect-information-disclosure(42942)


Last Updated: 27 May 2016 10:38:06