CVE-2004-0177

NameCVE-2004-0177
DescriptionThe ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-479, DSA-480, DSA-481, DSA-482, DSA-489, DSA-491, DSA-495

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kernel-image-2.4.16-lartsourcewoody20040419DSA-495
kernel-image-2.4.16-netwindersourcewoody20040419DSA-495
kernel-image-2.4.16-riscpcsourcewoody20040419DSA-495
kernel-image-2.4.17-hppasourcewoody32.4DSA-480
kernel-image-2.4.17-ia64sourcewoody011226.17DSA-481
kernel-image-2.4.17-s390sourcewoody2.4.17-2.woody.4DSA-482
kernel-image-2.4.18-1-alphasourcewoody2.4.18-15DSA-479
kernel-image-2.4.18-1-i386sourcewoody2.4.18-13DSA-479
kernel-image-2.4.18-hppasourcewoody62.3DSA-480
kernel-image-2.4.18-i386bfsourcewoody2.4.18-5woody8DSA-479
kernel-patch-2.4.16-armsourcewoody20040419DSA-495
kernel-patch-2.4.17-apussourcewoody2.4.17-5DSA-482
kernel-patch-2.4.17-mipssourcewoody2.4.17-0.020226.2.woody6DSA-489
kernel-patch-2.4.17-mipselsourcewoody2.4.17-0.020226.2.woody6DSA-489
kernel-patch-2.4.17-s390sourcewoody2.4.17-2.woody.4DSA-482
kernel-patch-2.4.18-powerpcsourcewoody2.4.18-1woody5DSA-479
kernel-patch-2.4.19-mipssourcewoody2.4.19-0.020911.1.woody4DSA-491
kernel-source-2.4.16sourcewoody2.4.16-1woody2DSA-495
kernel-source-2.4.17sourcewoody2.4.17-1woody3DSA-489
kernel-source-2.4.18sourcewoody2.4.18-14.3DSA-479
kernel-source-2.4.19sourcewoody2.4.19-4.woody2DSA-491
kernel-source-2.4.27source(unstable)(not affected)
linux-2.6source(unstable)(not affected)

Notes

- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4)

Search for package or bug name: Reporting problems