Bug 50212 (CVE-2004-0177)

Summary: VUL-0: CVE-2004-0177: kernel: ext3 filesystem infoleak
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Thomas Biege <thomas>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0177: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: vendor-sec discussion
infoleak-patch-2.4
infoleak-patch-2.6

Description Thomas Biege 2004-03-01 23:11:31 UTC 
Hi Hubert, 
just a minor one that we should fix together with #34841 .
Comment 1 Thomas Biege 2004-03-01 23:11:31 UTC 
<!-- SBZ_reproduce  -->
See attachements.
Comment 2 Thomas Biege 2004-03-01 23:13:00 UTC 
Created attachment 16285 [details]
vendor-sec discussion
Comment 3 Thomas Biege 2004-03-01 23:13:43 UTC 
Created attachment 16286 [details]
infoleak-patch-2.4
Comment 4 Thomas Biege 2004-03-01 23:14:18 UTC 
Created attachment 16287 [details]
infoleak-patch-2.6
Comment 5 Hubert Mantel 2004-03-04 00:49:14 UTC 
Fixes are in, kernels are waiting for checkin. NOTE: I did not yet check 2.6,
but assume it will be fixed there upstream anyway. So please re-assign to me
after 2.4 kernels are released or check if the latest 2.6 kernel is indeed fixed.
Comment 6 Thomas Biege 2004-03-09 20:32:11 UTC 
CAN-2004-0177
Comment 7 Thomas Biege 2004-03-09 20:36:01 UTC 
CAN-2004-0133 should be used instead...
Comment 8 Thomas Biege 2004-03-24 00:56:08 UTC 
packages released.
Comment 9 Marcus Meissner 2005-04-25 15:46:42 UTC 
redhat used CAN-2004-0177
Comment 10 Thomas Biege 2009-10-13 20:16:21 UTC 
CVE-2004-0177: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)