2.1
CVSSv2

CVE-2005-0400

Published: 02/05/2005 Updated: 03/10/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The ext2_make_empty function call in the Linux kernel prior to 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Mathieu Lafon discovered an information leak in the ext2 file system driver When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents (which could contain sensitive data like passwords) became visible on the raw device This is particularly important if the target device is removable and ...
Synopsis Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6 Type/Severity Security Advisory: Important Topic Updated kernel packages are now available as part of ongoing support andmaintenance of Red Hat Enterprise Linux version 3 This is the sixthregular updateThis security adviso ...
Synopsis kernel security update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4This update has been rated as having important security impact by the RedHat Security Response Team[Updated 9 August 2005 ...