漏洞信息详情
Linux Kernel EXT3文件系统信息泄露漏洞
- CNNVD编号:CNNVD-200406-007
- 危害等级: 低危
- CVE编号: CVE-2004-0177
- 漏洞类型: 设计错误
- 发布时间: 2004-06-01
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: linux
- 漏洞来源: Discovery of this ...
漏洞简介
Linux 2.4.26之前的2.4.x版本的ext3代码不正确初始化日报描述符块,导致写到ext3文件系统设备内存数据信息泄露。拥有特权的用户通过读取原生装置得到部分核心内存信息
漏洞公告
The Fedora Legacy project has released advisory FLSA:2336 to address this issue for Red Hat Fedora Core 1, Red Hat Linux 7.3 and 9. Please see the referenced advisory for further information. Red Hat has released advisory RHSA-2004:505-14 and fixes to address this issue and other issues on Red Hat Linux Enterprise platforms. Customers that are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information. Conectiva has released advisory CLA-2004:846 to provide Kernel updates to address this and other issues for Conectiva 8 and 9. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates. Conectiva has released advisory CLSA-2004:829 to provide Kernel updates for CLEE 1.0. Please see the attached advisory for details on how to apply updates. Mandrake has released advisory MDKSA-2004:029 to address this and other kernel vulnerabilities. Please see the attached advisory for details on obtaining and applying fixes. This issue has been addressed in versions 2.4.26 and 2.6.5 of the Linux Kernel. Trustix has released an advisory TSLSA-2004-0020 with fixes to address this and other issues. Please see the referenced advisory for more information. Debian has released advisory DSA 489-1 to provide updates for Linux 2.4.17 for the PowerPC/apus and S/390 architectures. Please see the attached advisory for details on applying and obtaining fixes. Debian has released advisory DSA 491-1 to provide updates for Linux 2.4.19 on the MIPS architecture. Please see the attached advisory for details on applying and obtaining fixes. Rad Hat has released advisory RHSA-2004:166-08 and fixes for Red Hat Linux version 9. Please see the referenced advisory for more information. Debian has released an advisory (DSA 495-1) to address various issues in the Linux kernel. This advisory contains fixes for the ARM architecture. Please see the referenced advisory for more information. EnGarde Secure Linux has released an advisory (ESA-20040428-004) to address various issues in the Linux kernel. Please see the referenced advisory for more information. Gentoo Linux has released advisory GLSA 200407-02 addressing this and other issues. Please see the referenced advisory for further information about this issue and information on upgrading packages using emerge. RedHat Linux has released advisory RHSA-2004:504-13 to address this, and other issues in RedHat Enterprise Linux operating systems with Itanium processors. Please see the referenced advisory for further information. Avaya has released an advisory regarding this issue. They report that fixes will be released in the future. Please see the referenced Web advisory for more information. Red Hat released advisory RHSA-2005:293-16 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information. Linux kernel 2.4 .0-test3
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
- Linux linux-2.4.26.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
-
Debian kernel-doc-2.4.16_2.4.16-1woody2_all.debDebian GNU/Linux 3.0 alias woody
http://security
参考网址
来源: ENGARDE 名称: ESA-20040428-004 链接:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.HTML 来源: DEBIAN 名称: DSA-495 链接:http://www.debian.org/security/2004/dsa-495 来源: REDHAT 名称: RHSA-2004:166 链接:http://rhn.redhat.com/errata/RHSA-2004-166.HTML 来源: TRUSTIX 名称: 2004-0020 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2 来源: FEDORA 名称: FLSA:2336 链接:https://bugzilla.fedora.us/show_bug.cgi?id=2336 来源: DEBIAN 名称: DSA-491 链接:http://www.debian.org/security/2004/dsa-491 来源: DEBIAN 名称: DSA-489 链接:http://www.debian.org/security/2004/dsa-489 来源: DEBIAN 名称: DSA-482 链接:http://www.debian.org/security/2004/dsa-482 来源: DEBIAN 名称: DSA-481 链接:http://www.debian.org/security/2004/dsa-481 来源: DEBIAN 名称: DSA-480 链接:http://www.debian.org/security/2004/dsa-480 来源: DEBIAN 名称: DSA-479 链接:http://www.debian.org/security/2004/dsa-479 来源: GENTOO 名称: GLSA-200407-02 链接:http://security.gentoo.org/glsa/glsa-200407-02.xml 来源: OVAL 名称: oval:org.mitre.oval:def:10556 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10556 来源: linux.bkbits.net:8080 链接:http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ 来源: XF 名称: linux-ext3-info-disclosure(15867) 链接:http://xforce.iss.net/xforce/xfdb/15867 来源: BID 名称: 10152 链接:http://www.securityfocus.com/bid/10152 来源: REDHAT 名称: RHSA-2005:293 链接:http://www.redhat.com/support/errata/RHSA-2005-293.HTML 来源: REDHAT 名称: RHSA-2004:505 链接:http://www.redhat.com/support/errata/RHSA-2004-505.HTML 来源: REDHAT 名称: RHSA-2004:504 链接:http://www.redhat.com/support/errata/RHSA-2004-504.HTML 来源: MANDRAKE 名称: MDKSA-2004:029 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:029 来源: CIAC 名称: O-127 链接:http://www.ciac.org/ciac/bulletins/o-127.sHTML 来源: CIAC 名称: O-126 链接:http://www.ciac.org/ciac/bulletins/o-126.sHTML 来源: CIAC 名称: O-121 链接:http://www.ciac.org/ciac/bulletins/o-121.sHTML 来源: CONECTIVA 名称: CLA-2004:846 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
受影响实体
- Linux Linux_kernel:2.4.0
补丁
暂无
评论