Linux Kernel Real Time Clock Kernel Memory Disclosure

2004-01-05T12:12:26
ID OSVDB:3317
Type osvdb
Reporter OSVDB
Modified 2004-01-05T12:12:26

Description

Vulnerability Description

The Linux kernel contains a flaw that may lead to unauthorized information disclosure. The vulnerability is caused by an unspecified error in the "/dev/rtc" real time clock routines, which may disclose parts of kernel memory to unprivileged users. Malicious local users could potentially exploit it to gain knowledge of sensitive information.

Solution Description

Upgrade to version 2.4.24 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
Vendor Specific Solution URL: http://www.suse.com/de/security/2003_049_kernel.html
Secunia Advisory ID: 20162
Secunia Advisory ID: 20163
Secunia Advisory ID: 10533
Secunia Advisory ID: 20202
Secunia Advisory ID: 20338
Other Advisory URL: http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
ISS X-Force ID: 13943
CVE-2003-0984
Bugtraq ID: 9154