FKIE_CVE-2004-0177

Vulnerability from fkie_nvd - Published: 2004-06-01 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
cve@mitre.orghttp://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108213675028441&w=2
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2004-166.htmlPatch, Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200407-02.xml
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-121.shtml
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-126.shtml
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-127.shtml
cve@mitre.orghttp://www.debian.org/security/2004/dsa-479
cve@mitre.orghttp://www.debian.org/security/2004/dsa-480
cve@mitre.orghttp://www.debian.org/security/2004/dsa-481
cve@mitre.orghttp://www.debian.org/security/2004/dsa-482
cve@mitre.orghttp://www.debian.org/security/2004/dsa-489
cve@mitre.orghttp://www.debian.org/security/2004/dsa-491
cve@mitre.orghttp://www.debian.org/security/2004/dsa-495Patch, Vendor Advisory
cve@mitre.orghttp://www.linuxsecurity.com/advisories/engarde_advisory-4285.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:029
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-504.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-505.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-293.html
cve@mitre.orghttp://www.securityfocus.com/bid/10152
cve@mitre.orghttps://bugzilla.fedora.us/show_bug.cgi?id=2336
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15867
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
af854a3a-2127-422b-91ae-364da2661108http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108213675028441&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2004-166.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200407-02.xml
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-121.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-126.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-127.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-479
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-480
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-481
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-482
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-489
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-491
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-495Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.linuxsecurity.com/advisories/engarde_advisory-4285.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-504.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-505.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-293.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/10152
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.fedora.us/show_bug.cgi?id=2336
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
Impacted products
Vendor Product Version
linux linux_kernel 2.4.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24A129D-2E5E-436C-95DE-AE75D2E8D092",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device."
    },
    {
      "lang": "es",
      "value": "El c\u00f3digo ext3 en Linux 2.4.x no inicializa adecuadamente bloques de descriptores de diario, lo que causa una fuga de informaci\u00f3n en la que datos de memoria son escritos en el dispositivo de un sistema de ficheros ext3, lo que permite a usuarios privilegiados obtener porciones de la memoria del kernel leyendo directamente del dispositivo."
    }
  ],
  "id": "CVE-2004-0177",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-06-01T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000846"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108213675028441\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2004-166.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-121.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-126.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-127.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-480"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-481"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-482"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-489"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-491"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-495"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/10152"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15867"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108213675028441\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2004-166.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-121.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-126.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-127.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/10152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.