SB2004010501 - Missing release of memory after effective lifetime in Linux kernel
Published: January 5, 2004
Description
This security bulletin contains information about 1 security vulnerability.
1) Missing release of memory after effective lifetime (CVE-ID: CVE-2003-0984)
The vulnerability allows a local user to read and manipulate data.
Real-time clock (RTC) routines in the Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
Remediation
Install the update from the vendor's website.
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
- http://marc.info/?l=bugtraq&m=107394143105081&w=2
- http://secunia.com/advisories/10533
- http://secunia.com/advisories/10536
- http://secunia.com/advisories/10537
- http://secunia.com/advisories/10538
- http://secunia.com/advisories/10555
- http://secunia.com/advisories/10582
- http://secunia.com/advisories/10583
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:001
- http://www.novell.com/linux/security/advisories/2003_049_kernel.html
- http://www.osvdb.org/3317
- http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2003-417.html
- http://www.redhat.com/support/errata/RHSA-2004-188.html
- http://www.securityfocus.com/bid/9154
- http://www.securitytracker.com/id?1008594
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13943
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1013
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A859
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9406