Home > Vulnerability Database > CVE-2004-0177

Mend.io Vulnerability Database

CVE-2004-0177

Date: April 15, 2004

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Severity Score

5.3

Related Resources (27)

Url: https://bugzilla.fedora.us/show_bug.cgi?id=2336

Url: http://www.redhat.com/support/errata/RHSA-2004-505.html

Url: http://www.debian.org/security/2004/dsa-480

Url: http://www.debian.org/security/2004/dsa-481

Url: http://rhn.redhat.com/errata/RHSA-2004-166.html

Url: http://www.debian.org/security/2004/dsa-482

Url: http://www.ciac.org/ciac/bulletins/o-126.shtml

Url: http://www.securityfocus.com/bid/10152

Url: http://www.ciac.org/ciac/bulletins/o-121.shtml

Url: http://www.redhat.com/support/errata/RHSA-2004-504.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2004:029

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/15867

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556

Url: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

Url: http://www.redhat.com/support/errata/RHSA-2005-293.html

Url: http://marc.info/?l=bugtraq&m=108213675028441&w=2

Url: http://www.debian.org/security/2004/dsa-479

Url: http://www.debian.org/security/2004/dsa-495

Url: http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

Url: http://www.debian.org/security/2004/dsa-491

Url: http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ

Url: http://security.gentoo.org/glsa/glsa-200407-02.xml

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2004-0177

Url: https://nvd.nist.gov/vuln/detail/CVE-2004-0177

Url: http://www.ciac.org/ciac/bulletins/o-127.shtml

Url: http://www.debian.org/security/2004/dsa-489

Url: https://www.mend.io/vulnerability-database/CVE-2004-0177

Severity Score

5.3

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2004-0177

Date: April 15, 2004

Severity Score

Related Resources (27)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?