Linux Kernel XFS File System Information Leak

2004-04-15T06:11:54
ID OSVDB:5397
Type osvdb
Reporter OSVDB
Modified 2004-04-15T06:11:54

Description

Vulnerability Description

The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the kernel opens the journal descriptor files for the XFS filesystem, which can disclose information stored in kernel memory to local users able to read the raw device, resulting in a loss of confidentiality.

Solution Description

Upgrade to kernel version 2.4.26, 2.6.6, or higher, which have been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.

References:

Secunia Advisory ID: 11362
Secunia Advisory ID: 12075
Secunia Advisory ID: 13457
Secunia Advisory ID: 15092
Secunia Advisory ID: 17002
Secunia Advisory ID: 12003
Secunia Advisory ID: 13458
Related OSVDB ID: 5363
Related OSVDB ID: 5364
Related OSVDB ID: 5398
RedHat RHSA: RHSA-2004:505
RedHat RHSA: RHSA-2005:293
RedHat RHSA: RHSA-2005:663
RedHat RHSA: RHSA-2004:504
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000846
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200407-02.xml
ISS X-Force ID: 15901
CVE-2004-0133
CVE-2004-0177
CVE-2004-0181
CVE-2004-0178
Bugtraq ID: 10151