Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2004-0177 | First vendor Publication | 2004-06-01 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0177 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10556 | |||
| Oval ID: | oval:org.mitre.oval:def:10556 | ||
| Title: | The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. | ||
| Description: | The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0177 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-02 (Kernel) File : nvt/glsa_200407_02.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 479-1 (kernel) File : nvt/deb_479_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 479-2 (kernel-image-2.4.18-1-i386) File : nvt/deb_479_2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 480-1 (kernel-image-2.4.17-hppa kernel-image-2.4... File : nvt/deb_480_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 481-1 (kernel-image-2.4.17-ia64) File : nvt/deb_481_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 482-1 (kernel) File : nvt/deb_482_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 489-1 (kernel-source-2.4.17 kernel-patch-2.4.17-... File : nvt/deb_489_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 491-1 (kernel-source-2.4.19 kernel-patch-2.4.19-... File : nvt/deb_491_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 495-1 (kernel) File : nvt/deb_495_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 5363 | Linux Kernel ext3 File Systems Information Leak The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the kernel does not properly initialize the journal descriptor blocks, which will disclose information stored in kernel memory to the ext3 file system device, resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
| 2006-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0191.nasl - Type : ACT_GATHER_INFO |
| 2005-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
| 2004-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-505.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-479.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-480.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-481.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-482.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-489.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-491.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-495.nasl - Type : ACT_GATHER_INFO |
| 2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200407-02.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-029.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:02:31 |
|
| 2024-02-01 12:01:31 |
|
| 2023-11-07 21:48:10 |
|
| 2021-05-04 12:02:17 |
|
| 2021-04-22 01:02:25 |
|
| 2020-05-23 00:15:44 |
|
| 2017-10-11 09:23:20 |
|
| 2017-07-11 12:01:24 |
|
| 2016-10-18 12:01:18 |
|
| 2016-04-26 12:47:28 |
|
| 2014-02-17 10:27:15 |
|
| 2013-05-11 11:40:00 |
|
