|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2004-0685 :kernel: USB drivers use uninitialized memory | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Hubert Mantel <mantel> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | aj, ihno, mfrueh, patch-request, security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | CVE-2004-0685: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P) | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | usb-leak.txt | ||
|
Description
Thomas Biege
2004-10-25 21:34:45 UTC
<!-- SBZ_reproduce --> - Created attachment 25371 [details]
usb-leak.txt
Mail from vendor-sec@
Oops, this mail is from 2003. :-\ From: Mark J Cox <mjc@redhat.com> To: Thomas Biege <thomas@suse.de> Cc: vendor-sec@lst.de Subject: Re: [vendor-sec] kernel usb driver leak memory Errors-To: vendor-sec-admin@lst.de Date: Mon, 25 Oct 2004 13:55:42 +0100 (BST) > http://www.kb.cert.org/vuls/id/981134 Is that: CAN-2004-0685 usb sparse fixes in 2.4 {MODERATE} More leaks found by Conectiva mentioned to vendor sec on Oct23, Fixed upstream 20031023 therefore 2.6.0 wasn't vulnerable http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ Fixed on 20040726 by: http://linux.bkbits.net:8080/linux-2.4/cset@410582380U3H9KOx8J2YZmMT0bhXQw Sorry, I do not know how to work with BitKeeper and I plainly refuse to learn how to use this proprietary repository. Can somebody please send me the patches in some usable form? its called ' diff -Nur style patch ' in the links above. fixed. CVE-2004-0685: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P) |