Vulnerability Description
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.4.0 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
- http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
- http://marc.info/?l=bugtraq&m=108213675028441&w=2
- http://rhn.redhat.com/errata/RHSA-2004-166.htmlPatchVendor Advisory
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.ciac.org/ciac/bulletins/o-121.shtml
- http://www.ciac.org/ciac/bulletins/o-126.shtml
- http://www.ciac.org/ciac/bulletins/o-127.shtml
- http://www.debian.org/security/2004/dsa-479
- http://www.debian.org/security/2004/dsa-480
- http://www.debian.org/security/2004/dsa-481
- http://www.debian.org/security/2004/dsa-482
- http://www.debian.org/security/2004/dsa-489
- http://www.debian.org/security/2004/dsa-491
- http://www.debian.org/security/2004/dsa-495PatchVendor Advisory
FAQ
What is CVE-2004-0177?
CVE-2004-0177 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file s...
How severe is CVE-2004-0177?
CVE-2004-0177 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0177?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.