Vulnerability Name:

CVE-2004-0133 (CCN-15901)

Assigned:2004-04-14
Published:2004-04-14
Updated:2017-07-11
Summary:The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: SGI
Type: Patch, Vendor Advisory
20040405-01-U

Source: MITRE
Type: CNA
CVE-2004-0133

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:846
Fixes for kernel vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2004-0020

Source: CCN
Type: SA11362
Linux Kernel File Systems Information Leak and Denial of Service

Source: SECUNIA
Type: UNKNOWN
11362

Source: GENTOO
Type: UNKNOWN
GLSA-200407-02

Source: CCN
Type: GLSA-200407-02
Linux Kernel: Multiple vulnerabilities

Source: CCN
Type: Linux kernel Web site
The Linux Kernel Archives

Source: ENGARDE
Type: Patch, Vendor Advisory
ESA-20040428-004

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0020
kernel

Source: CCN
Type: Guardian Digital Security Advisory ESA-20040428-004
kernel

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:029

Source: CCN
Type: OSVDB ID: 5397
Linux Kernel XFS File System Information Leak

Source: BID
Type: UNKNOWN
10151

Source: CCN
Type: BID-10151
Linux Kernel XFS File System Information Leakage Vulnerability

Source: XF
Type: UNKNOWN
linux-xfs-info-disclosure(15901)

Source: XF
Type: UNKNOWN
linux-xfs-info-disclosure(15901)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:2.4.0:-:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.4.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.18:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.21:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.0:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.11:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.19:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.23:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.25:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_community:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    linux linux kernel 2.4.0
    linux linux kernel 2.4.3
    linux linux kernel 2.4.4
    linux linux kernel 2.4.5
    linux linux kernel 2.4.6
    linux linux kernel 2.4.18
    linux linux kernel 2.4.20
    linux linux kernel 2.4.22
    linux linux kernel 2.4.7
    linux linux kernel 2.4.21
    linux linux kernel 2.4.0
    linux linux kernel 2.4.1
    linux linux kernel 2.4.10
    linux linux kernel 2.4.11
    linux linux kernel 2.4.12
    linux linux kernel 2.4.13
    linux linux kernel 2.4.14
    linux linux kernel 2.4.15
    linux linux kernel 2.4.16
    linux linux kernel 2.4.17
    linux linux kernel 2.4.19
    linux linux kernel 2.4.2
    linux linux kernel 2.4.23
    linux linux kernel 2.4.24
    linux linux kernel 2.4.25
    linux linux kernel 2.4.8
    linux linux kernel 2.4.9
    conectiva linux 8.0
    gentoo linux *
    mandrakesoft mandrake multi network firewall 8.2
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    conectiva linux 9.0
    trustix secure linux 2.0
    engardelinux secure community 2.0
    mandrakesoft mandrake linux 9.2
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux corporate server 2.1