CVE-2004-0133

The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=108213675028441&w=2
http://secunia.com/advisories/11362
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
http://www.securityfocus.com/bid/10151
https://exchange.xforce.ibmcloud.com/vulnerabilities/15901

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-06-01 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-0133

Mitre link : CVE-2004-0133

CVE.ORG link : CVE-2004-0133

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

{"id": "CVE-2004-0133", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-06-01T04:00:00.000", "references": [{"url": "ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=108213675028441&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/11362", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200407-02.xml", "source": "cve@mitre.org"}, {"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10151", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15901", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device."}, {"lang": "es", "value": "El c\u00f3digo del sistema de ficheros XFS en Linux 2.4.x tiene una fuga de informaci\u00f3n en la cual datas de memoria son escritos en el dispositivo de un sistema de ficheros ext3, lo que permite a usuarios locales obtener informaci\u00f3n sensible leyendo el dispositivo directamente (raw)"}], "lastModified": "2017-07-11T01:29:55.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C24A129D-2E5E-436C-95DE-AE75D2E8D092"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}