Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0177

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0177
Last Modified 21 Aug 2010 12:19:41
Published 01 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0177

Summary

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.0


References

ENGARDE - ESA-20040428-004

DEBIAN - DSA-495

REDHAT - RHSA-2004:166

TRUSTIX - 2004-0020

FEDORA - FLSA:2336

DEBIAN - DSA-491

DEBIAN - DSA-489

DEBIAN - DSA-482

DEBIAN - DSA-481

DEBIAN - DSA-480

DEBIAN - DSA-479

GENTOO - GLSA-200407-02

MISC - http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ

XF - linux-ext3-info-disclosure(15867)

BID - 10152

REDHAT - RHSA-2005:293

REDHAT - RHSA-2004:505

REDHAT - RHSA-2004:504

MANDRAKE - MDKSA-2004:029

CIAC - O-127

CIAC - O-126

CIAC - O-121

CONECTIVA - CLA-2004:846


Last Updated: 27 May 2016 10:38:30