CVE: CAN-2003-0018
Updated: Tue, 06 Jul 2004 14:36:57 +0900
Summary: Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. This bug has been fixed by disabling O_DIRECT. (text:DSA-358-4)
Priority: Low
Status: Closed
Source: DSA-358-4, RHSA-2003:025-20
Link:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018
  http://www.debian.org/security/2003/dsa-358
  http://rhn.redhat.com/errata/RHSA-2003-025.html
Resolved In:
  Kernel: 2.4.21-pre4
  Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.930??nav=index.html
  Red Hat Linux 7.3:
    Vendor: kernel-2.4.18-24.7
    UltraMonkey: kernel-2.4.18-27.7.um.1 (initial release)
  Red Hat Linux 8.0:
    Vendor: kernel-2.4.18-24.8
    UltraMonkey: kernel-2.4.18-27.8.um.1 (initial release)
  Red Hat Linux 9:
    Vendor: Not Vulnerable (RHSA-2003:025-20)
    UltraMonkey: Not Vulnerable (RHSA-2003:025-20)
  Fedora Core 1:
    Vendor: Not Vulnerable (>=2.4.21-pre4)
    UltraMonkey: Not Vulnerable (>=2.4.21-pre4)
  Red Hat Enterprise Linux 3:
    Vendor: Not Vulnerable (>=2.4.21-pre4)
    UltraMonkey: Not Vulnerable (>=2.4.21-pre4)
  Debian Woody:
    Vendor: kernel-source-2.4.18_2.4.18-11
    UltraMonkey: kernel-source-2.4.22_2.4.22-4woody.um.1
  Debian Sid:
    Vendor: kernel-source-2.4.21_2.4.21-1
    UltraMonkey: kernel-source-2.4.22_2.4.22-4.um.1