CVE-2004-0177 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2004-0177

CVE-2004-0177

April 16, 2004

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Related Resources (25)

http://www.debian.org/security/2004/dsa-489

https://exchange.xforce.ibmcloud.com/vulnerabilities/15867

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556

http://www.ciac.org/ciac/bulletins/o-127.shtml

http://www.debian.org/security/2004/dsa-495

http://www.debian.org/security/2004/dsa-479

http://www.redhat.com/support/errata/RHSA-2004-505.html

http://marc.info/?l=bugtraq&m=108213675028441&w=2

http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ

http://www.securityfocus.com/bid/10152

http://www.redhat.com/support/errata/RHSA-2004-504.html

http://security.gentoo.org/glsa/glsa-200407-02.xml

http://www.debian.org/security/2004/dsa-491

http://www.ciac.org/ciac/bulletins/o-126.shtml

http://www.redhat.com/support/errata/RHSA-2005-293.html

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

https://people.canonical.com/~ubuntu-security/cve/CVE-2004-0177

https://bugzilla.fedora.us/show_bug.cgi?id=2336

http://www.debian.org/security/2004/dsa-481

http://www.debian.org/security/2004/dsa-482

http://www.debian.org/security/2004/dsa-480

http://rhn.redhat.com/errata/RHSA-2004-166.html

http://www.ciac.org/ciac/bulletins/o-121.shtml

http://www.mandriva.com/security/advisories?name=MDKSA-2004:029

http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

CVSS v2

Base Score:

5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

EPSS

Base Score:

1.77