fkie_cve-2004-0177
Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
cve@mitre.orghttp://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108213675028441&w=2
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2004-166.htmlPatch, Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200407-02.xml
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-121.shtml
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-126.shtml
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-127.shtml
cve@mitre.orghttp://www.debian.org/security/2004/dsa-479
cve@mitre.orghttp://www.debian.org/security/2004/dsa-480
cve@mitre.orghttp://www.debian.org/security/2004/dsa-481
cve@mitre.orghttp://www.debian.org/security/2004/dsa-482
cve@mitre.orghttp://www.debian.org/security/2004/dsa-489
cve@mitre.orghttp://www.debian.org/security/2004/dsa-491
cve@mitre.orghttp://www.debian.org/security/2004/dsa-495Patch, Vendor Advisory
cve@mitre.orghttp://www.linuxsecurity.com/advisories/engarde_advisory-4285.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:029
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-504.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-505.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-293.html
cve@mitre.orghttp://www.securityfocus.com/bid/10152
cve@mitre.orghttps://bugzilla.fedora.us/show_bug.cgi?id=2336
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15867
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
af854a3a-2127-422b-91ae-364da2661108http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108213675028441&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2004-166.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200407-02.xml
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-121.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-126.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-127.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-479
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-480
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-481
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-482
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-489
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-491
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-495Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.linuxsecurity.com/advisories/engarde_advisory-4285.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-504.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-505.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-293.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/10152
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.fedora.us/show_bug.cgi?id=2336
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
Impacted products
Vendor Product Version
linux linux_kernel 2.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24A129D-2E5E-436C-95DE-AE75D2E8D092",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device."
    },
    {
      "lang": "es",
      "value": "El c\u00f3digo ext3 en Linux 2.4.x no inicializa adecuadamente bloques de descriptores de diario, lo que causa una fuga de informaci\u00f3n en la que datos de memoria son escritos en el dispositivo de un sistema de ficheros ext3, lo que permite a usuarios privilegiados obtener porciones de la memoria del kernel leyendo directamente del dispositivo."
    }
  ],
  "id": "CVE-2004-0177",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-06-01T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000846"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108213675028441\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2004-166.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-121.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-126.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-127.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-480"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-481"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-482"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-489"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-491"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-495"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/10152"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15867"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108213675028441\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2004-166.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-121.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-126.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-127.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/10152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.