CVE-2004-0177

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

http://linux.bkbits.net:8080/linux-2.4/[email protected]_LhQNYQrdzQ

http://marc.info/?l=bugtraq&m=108213675028441&w=2

http://rhn.redhat.com/errata/RHSA-2004-166.html

http://security.gentoo.org/glsa/glsa-200407-02.xml

http://www.ciac.org/ciac/bulletins/o-121.shtml

http://www.ciac.org/ciac/bulletins/o-126.shtml

http://www.ciac.org/ciac/bulletins/o-127.shtml

http://www.debian.org/security/2004/dsa-479

http://www.debian.org/security/2004/dsa-480

http://www.debian.org/security/2004/dsa-481

http://www.debian.org/security/2004/dsa-482

http://www.debian.org/security/2004/dsa-489

http://www.debian.org/security/2004/dsa-491

http://www.debian.org/security/2004/dsa-495

http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

http://www.mandriva.com/security/advisories?name=MDKSA-2004:029

http://www.redhat.com/support/errata/RHSA-2004-504.html

http://www.redhat.com/support/errata/RHSA-2004-505.html

http://www.redhat.com/support/errata/RHSA-2005-293.html

http://www.securityfocus.com/bid/10152

https://bugzilla.fedora.us/show_bug.cgi?id=2336

https://exchange.xforce.ibmcloud.com/vulnerabilities/15867

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556

Details

Source: MITRE

Published: 2004-06-01

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
21923CentOS 3 : kernel (CESA-2005:293)NessusCentOS Local Security Checks
high
18128RHEL 3 : kernel (RHSA-2005:293)NessusRed Hat Local Security Checks
high
15958RHEL 2.1 : kernel (RHSA-2004:505)NessusRed Hat Local Security Checks
high
15332Debian DSA-495-1 : linux-kernel-2.4.16-arm - several vulnerabilitiesNessusDebian Local Security Checks
high
15328Debian DSA-491-1 : linux-kernel-2.4.19-mips - several vulnerabilitiesNessusDebian Local Security Checks
high
15326Debian DSA-489-1 : linux-kernel-2.4.17-mips+mipsel - several vulnerabilitiesNessusDebian Local Security Checks
high
15319Debian DSA-482-1 : linux-kernel-2.4.17-apus+s390 - several vulnerabilitiesNessusDebian Local Security Checks
high
15318Debian DSA-481-1 : linux-kernel-2.4.17-ia64 - several vulnerabilitiesNessusDebian Local Security Checks
high
15317Debian DSA-480-1 : linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilitiesNessusDebian Local Security Checks
high
15316Debian DSA-479-1 : linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilitiesNessusDebian Local Security Checks
high
14535GLSA-200407-02 : Linux Kernel: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
14128Mandrake Linux Security Advisory : kernel (MDKSA-2004:029)NessusMandriva Local Security Checks
medium
801608Red Hat 2005-293 Security CheckLog Correlation EngineGeneric
high