Candidate: CVE-2005-3180
References: 
 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
 CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
Description: 
 The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
 not properly clear memory from a previously used packet whose length
 is increased, which allows remote attackers to obtain sensitive
 information.
Notes: 
 > > From: Pavel Roskin <proski@gnu.org>
 > > 
 > > The orinoco driver can send uninitialized data exposing random pieces of
 > > the system memory.  This happens because data is not padded with zeroes
 > > when its length needs to be increased.
 horms> a better fix for this is 
 horms> http://mirror.local.valinux.co.jp/linux/kernel/v2.6/ChangeLog-2.6.15
 horms> 192_orinoco-info-leak.diff is missing the ALIGN macro which is not
 horms> defined elsewhere in 2.4. 
 horms> is added by 192_orinoco-info-leak-2.diff
upstream: released (2.6.13.4), released (2.4.33-pre2)
linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
2.6.8-sarge-security: released (2.6.8-16sarge2) [orinoco-info-leak.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge2) [192_orinoco-info-leak.diff, 192_orinoco-info-leak-2.diff]
2.4.19-woody-security: 
2.4.18-woody-security: 
2.4.17-woody-security: 
2.4.16-woody-security: 
2.4.17-woody-security-hppa: 
2.4.17-woody-security-ia64: 
2.4.18-woody-security-hppa: