[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0177Date: (C)2004-06-01   (M)2023-12-22


The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-10152
2004-0020
CLA-2004:846
DSA-479
DSA-480
DSA-481
DSA-482
DSA-489
DSA-491
DSA-495
ESA-20040428-004
FLSA:2336
GLSA-200407-02
MDKSA-2004:029
O-121
O-126
O-127
RHSA-2004:166
RHSA-2004:504
RHSA-2004:505
RHSA-2005:293
http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
linux-ext3-info-disclosure(15867)
oval:org.mitre.oval:def:10556

CPE    1
cpe:/o:linux:linux_kernel:2.4.0

© SecPod Technologies