blob: c947ee6835d938867502c95309f6c761efc0d0cf
Candidate: CVE-2003-0461
References:
MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
REDHAT:RHSA-2003:238
URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2004:188
URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
DEBIAN:DSA-358
URL:http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-423
URL:http://www.debian.org/security/2004/dsa-423
OVAL:OVAL304
URL:http://oval.mitre.org/oval/definitions/data/oval304.html
OVAL:OVAL997
URL:http://oval.mitre.org/oval/definitions/data/oval997.html
Description:
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number
of characters used in serial links, which could allow local users
to obtain potentially sensitive information such as the length of
passwords.
Notes:
dannf> Here are the patches I used:
http://linux.bkbits.net:8080/linux-2.4/cset@41a6020dX1GoVx_Eydy1jUOqc11tpw?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_tty.c
http://linux.bkbits.net:8080/linux-2.4/cset@41aca810DvutJ8aEj43OuUqJ4e1EIw?nav=index.html|src/|src/include|src/include/linux|related/include/linux/proc_fs.h
Bugs:
upstream: released (2.4.29-pre2, 2.6.1)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: released (2.4.27-1) [025_proc_tty_security.diff]
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-10)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.14.1)
2.4.18-woody-security-hppa: released (62.4)