Candidate: CVE-2003-0461
References:
MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
REDHAT:RHSA-2003:238
URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2004:188
URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
DEBIAN:DSA-358
URL:http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-423
URL:http://www.debian.org/security/2004/dsa-423
OVAL:OVAL304
URL:http://oval.mitre.org/oval/definitions/data/oval304.html
OVAL:OVAL997
URL:http://oval.mitre.org/oval/definitions/data/oval997.html
Description:
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number
of characters used in serial links, which could allow local users
to obtain potentially sensitive information such as the length of
passwords.
Notes:
dannf> Here's the patches I used:
http://linux.bkbits.net:8080/linux-2.4/cset@41a6020dX1GoVx_Eydy1jUOqc11tpw?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_tty.c
http://linux.bkbits.net:8080/linux-2.4/cset@41aca810DvutJ8aEj43OuUqJ4e1EIw?nav=index.html|src/|src/include|src/include/linux|related/include/linux/proc_fs.h
Bugs:
upstream: released (2.4.29-pre2, 2.6.1)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: released (2.4.27-1) [025_proc_tty_security.diff]
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-10)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.14.1)
2.4.18-woody-security-hppa: released (62.4)