CVE: CAN-2003-0461
Updated: Tue, 06 Jul 2004 14:32:34 +0900
Summary: /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. (text:DSA-358-4)
Status: Closed
Priority: Low
Source: RHSA-2004:188-14, RHSA-2003:238-16, DSA-358-4
Link:
  http://www.ultramonkey.org/news_archive.shtml#2003080600
  http://www.ultramonkey.org/news_archive.shtml#2003120800
  http://www.ultramonkey.org/news_archive.shtml#2004062802
  http://www.ultramonkey.org/news_archive.shtml#2004062601
Resolved In:
  Kernel:
    Vulnerable (2.4.22-ac1 ok)
    Patch: http://developer.osdl.org/~chrisw/audit/2.4/proc_tty_serial.diff
  Red Hat Linux 7.3:
    Vendor: kernel-2.4.20-19.7
    UltraMonkey: kernel-2.4.20-19.7.um.1
  Red Hat Linux 8.0:
    Vendor: kernel-2.4.20-19.8
    UltraMonkey: kernel-2.4.20-19.8.um.1
  Red Hat Linux 9:
    Vendor: kernel-kernel-2.4.20-19.9
    UltraMonkey: kernel-2.4.20-19.9.um.1 (initial release)
  Fedora Core 1:
    Vendor: Not Vulnerable (>=2.4.22-ac1)
    UltraMonkey: Not Vulnerable (>=2.4.22-ac1)
  Red Hat Enterprise Linux 3:
    Vendor: kernel-2.4.21-15.EL
    UltraMonkey: kernel-2.4.21-15.0.2.EL.um.1
  Debian Woody:
    Vendor: kernel-source-2.4.18_2.4.18-11
    UltraMonkey: kernel-source-2.4.22_2.4.22-1-ipvs_2.4.22-4woody.um.1
  Debian Sid:
    Vendor: kernel-2.4.21_2.4.21-4
    UltraMonkey: kernel-source-2.4.22_2.4.22-1-ipvs_2.4.22-4.um.1