CVE-2004-0133

The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=108213675028441&w=2
http://secunia.com/advisories/11362
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
http://www.securityfocus.com/bid/10151
https://exchange.xforce.ibmcloud.com/vulnerabilities/15901
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=108213675028441&w=2
http://secunia.com/advisories/11362
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
http://www.securityfocus.com/bid/10151
https://exchange.xforce.ibmcloud.com/vulnerabilities/15901

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:47

Type	Values Removed	Values Added
References	~~() ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc - Patch, Vendor Advisory~~	() ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc - Patch, Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=108213675028441&w=2 -~~	() http://marc.info/?l=bugtraq&m=108213675028441&w=2 -
References	~~() http://secunia.com/advisories/11362 -~~	() http://secunia.com/advisories/11362 -
References	~~() http://security.gentoo.org/glsa/glsa-200407-02.xml -~~	() http://security.gentoo.org/glsa/glsa-200407-02.xml -
References	~~() http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html - Patch, Vendor Advisory~~	() http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html - Patch, Vendor Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2004:029 -~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2004:029 -
References	~~() http://www.securityfocus.com/bid/10151 -~~	() http://www.securityfocus.com/bid/10151 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/15901 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/15901 -

Information

Published : 2004-06-01 04:00

Updated : 2024-11-20 23:47

NVD link : CVE-2004-0133

Mitre link : CVE-2004-0133

CVE.ORG link : CVE-2004-0133

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

2.1 /10