retired/CVE-2003-0461


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

Candidate: CVE-2003-0461
References: 
 MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
 REDHAT:RHSA-2003:238
 URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
 REDHAT:RHSA-2004:188
 URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
 DEBIAN:DSA-358
 URL:http://www.debian.org/security/2004/dsa-358
 DEBIAN:DSA-423
 URL:http://www.debian.org/security/2004/dsa-423
 OVAL:OVAL304
 URL:http://oval.mitre.org/oval/definitions/data/oval304.html
 OVAL:OVAL997
 URL:http://oval.mitre.org/oval/definitions/data/oval997.html
 Description: 
 /proc/tty/driver/serial in Linux 2.4.x reveals the exact number
 of characters used in serial links, which could allow local users
 to obtain potentially sensitive information such as the length of
 passwords.
Notes: 
 dannf> Here's the patches I used:
 http://linux.bkbits.net:8080/linux-2.4/cset@41a6020dX1GoVx_Eydy1jUOqc11tpw?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_tty.c
 http://linux.bkbits.net:8080/linux-2.4/cset@41aca810DvutJ8aEj43OuUqJ4e1EIw?nav=index.html|src/|src/include|src/include/linux|related/include/linux/proc_fs.h
Bugs: 
upstream: released (2.4.29-pre2, 2.6.1)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: released (2.4.27-1) [025_proc_tty_security.diff]
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-10)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.14.1)
2.4.18-woody-security-hppa: released (62.4)