CVE-2004-0177

NameCVE-2004-0177
DescriptionThe ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-479, DSA-480, DSA-481, DSA-482, DSA-489, DSA-491, DSA-495
NVD severitymedium (attack range: remote)
Debian/oldstablenot vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux-2.6 (PTS)squeeze (security), squeeze2.6.32-48squeeze6fixed
squeeze (lts)2.6.32-48squeeze11fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kernel-image-2.4.16-lartsourcewoody20040419mediumDSA-495
kernel-image-2.4.16-netwindersourcewoody20040419mediumDSA-495
kernel-image-2.4.16-riscpcsourcewoody20040419mediumDSA-495
kernel-image-2.4.17-hppasourcewoody32.4mediumDSA-480
kernel-image-2.4.17-ia64sourcewoody011226.17mediumDSA-481
kernel-image-2.4.17-s390sourcewoody2.4.17-2.woody.4mediumDSA-482
kernel-image-2.4.18-1-alphasourcewoody2.4.18-15mediumDSA-479
kernel-image-2.4.18-1-i386sourcewoody2.4.18-13mediumDSA-479
kernel-image-2.4.18-hppasourcewoody62.3mediumDSA-480
kernel-image-2.4.18-i386bfsourcewoody2.4.18-5woody8mediumDSA-479
kernel-patch-2.4.16-armsourcewoody20040419mediumDSA-495
kernel-patch-2.4.17-apussourcewoody2.4.17-5mediumDSA-482
kernel-patch-2.4.17-mipssourcewoody2.4.17-0.020226.2.woody6mediumDSA-489
kernel-patch-2.4.17-mipselsourcewoody2.4.17-0.020226.2.woody6mediumDSA-489
kernel-patch-2.4.17-s390sourcewoody2.4.17-2.woody.4mediumDSA-482
kernel-patch-2.4.18-powerpcsourcewoody2.4.18-1woody5mediumDSA-479
kernel-patch-2.4.19-mipssourcewoody2.4.19-0.020911.1.woody4mediumDSA-491
kernel-source-2.4.16sourcewoody2.4.16-1woody2mediumDSA-495
kernel-source-2.4.17sourcewoody2.4.17-1woody3mediumDSA-489
kernel-source-2.4.18sourcewoody2.4.18-14.3mediumDSA-479
kernel-source-2.4.19sourcewoody2.4.19-4.woody2mediumDSA-491
kernel-source-2.4.27source(unstable)(not affected)
linux-2.6source(unstable)(not affected)

Notes

- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4)

Search for package or bug name: Reporting problems