PT-2004-3726 · Linux+1 · Linux Kernel+1

Tim Yamin · Published 1970-01-01 · Updated 2017-10-11 · CVE-2004-0685

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel version 2.4
Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs
Debian GNU/Linux kernel-image-2.4.18-sun4u
Debian GNU/Linux kernel-image-2.4.18-sun4u-smp
Debian GNU/Linux kernel-image-2.4.19-sun4u
Debian GNU/Linux kernel-image-2.4.19-sun4u-smp
Debian GNU/Linux kernel-headers-2.4.18-sparc
Debian GNU/Linux kernel-headers-2.4.19-sparc
Debian GNU/Linux kernel-patch-benh

Description

The issue is related to certain USB drivers in the Linux 2.4 kernel using the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage. Multiple vulnerabilities in Debian GNU/Linux kernel packages can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

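The pattern the description refers to, shown as an added example that is not taken from the kernel source or from this advisory: a user-space C simulation that fills only some fields of a structure before copying the whole object out, next to the version that zeroes it first. `struct dev_info`, `fake_copy_to_user`, `leaked_bytes` and the `0xAA` stale marker are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover kernel data */

/* Hypothetical reply structure; not taken from any real USB driver. */
struct dev_info {
    unsigned int  id;
    unsigned char name[8];
    unsigned char reserved[16];   /* the handler never writes this field */
};

/* User-space stand-in for copy_to_user(): a plain byte copy. */
static void fake_copy_to_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
}

/* Simulated ioctl handler. Returns the number of stale bytes that end up
 * in the "user" buffer, or (size_t)-1 if allocation fails. */
size_t leaked_bytes(int hardened)
{
    unsigned char user_buf[sizeof(struct dev_info)];
    size_t start = offsetof(struct dev_info, reserved);
    size_t i, leaked = 0;
    struct dev_info *info = malloc(sizeof *info);

    if (!info)
        return (size_t)-1;
    memset(info, STALE, sizeof *info);   /* memory still holds earlier contents */

    if (hardened)
        memset(info, 0, sizeof *info);   /* fix: clear the whole object first */
    info->id = 7;
    memcpy(info->name, "usbdev0", 8);    /* 7 characters plus the NUL */

    fake_copy_to_user(user_buf, info, sizeof *info);  /* whole struct goes out */
    for (i = start; i < start + sizeof info->reserved; i++)
        if (user_buf[i] == STALE)
            leaked++;
    free(info);
    return leaked;
}

int main(void)
{
    printf("unhardened: %zu stale bytes copied out\n", leaked_bytes(0));
    printf("hardened:   %zu stale bytes copied out\n", leaked_bytes(1));
    return 0;
}
```
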
Recommendations

For Linux kernel version 2.4, update to a newer version to mitigate the risk.
For Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs, consider disabling the vulnerable kernel module until a patch is available.
For Debian GNU/Linux kernel-image-2.4.18-sun4u, restrict access to the vulnerable kernel module to minimize the risk of exploitation.
For Debian GNU/Linux kernel-image-2.4.18-sun4u-smp, avoid using the vulnerable kernel module in production environments until the issue is resolved.
For Debian GNU/Linux kernel-image-2.4.19-sun4u, consider applying configuration changes to mitigate the vulnerability.
For Debian GNU/Linux kernel-image-2.4.19-sun4u-smp, restrict access to the vulnerable kernel module to minimize the risk of exploitation.
For Debian GNU/Linux kernel-headers-2.4.18-sparc, consider disabling the vulnerable kernel module until a patch is available.
For Debian GNU/Linux kernel-headers-2.4.19-sparc, avoid using the vulnerable kernel module in production environments until the issue is resolved.
For Debian GNU/Linux kernel-patch-benh, consider applying configuration changes to mitigate the vulnerability.


Related Identifiers

BDU:2015-03380
BDU:2015-03381
BDU:2015-03382
BDU:2015-03383
BDU:2015-03384
BDU:2015-03385
BDU:2015-03576
BDU:2015-03577
CVE-2004-0685
DSA-1067-1
DSA-1069-1
DSA-1070-1
DSA-1082-1
RHSA-2004:549

Affected Products

Debian
Linux Kernel