Ultra Monkey: Kernel Security Bug Database: CAN-2003-0465

Ultra Monkey: High Availability and Load Balancing Solution for Linux

Ultra Monkey: Kernel Security Bug Database

CAN-2003-0465

prev up next
CVE CAN-2003-0465[offsite]
Updated Tue, 06 Jul 2004 14:31:39 +0900
Summary The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks. (text:CAN-2003-0465)
Priority Low
Status Closed
Status Note Does not effect x86
Source RHSA-2004:188-14
Link Ultra Monkey News 2004-06-26-01
Resolved In
  Kernel None
  Patch linux-2.4.21-strncpy-zero-pad.patch (from 2.4.21-15.EL)
  Red Hat Linux 7.3
         Vendor Not Vulnerable (Does not effect x86)
         UltraMonkey Not Vulnerable (Does not effect x86)
  Red Hat Linux 8.0
         Vendor Not Vulnerable (Does not effect x86)
         UltraMonkey Not Vulnerable (Does not effect x86)
  Red Hat Linux 9
         Vendor Not Vulnerable (Does not effect x86)
         UltraMonkey Not Vulnerable (Does not effect x86)
  Fedora Core 1
         Vendor Not Vulnerable (Does not effect x86)
         UltraMonkey Not Vulnerable (Does not effect x86)
  Red Hat Enterprise Linux 3
         Vendor kernel-2.4.21-15.EL
         UltraMonkey kernel-2.4.21-15.0.2.EL.um.1
  Debian Woody
         Vendor Not Vulnerable (Does not effect x86)
         UltraMonkey Not Vulnerable (Does not effect x86)
  Debian Sid
         Vendor Not Vulnerable (Does not effect x86)
         UltraMonkey Not Vulnerable (Does not effect x86)
local data for debugging.
Information provided here is based on the information from the links above and is intended as a refereance only.

Copyright © 2000-2005, Horms
Last Updated: Sat, 04 Mar 2006 02:33:59 -0500

Debian is a registered trademark of Software in the Public Interest, Inc.
Red Hat, the Red Hat Shadowman logo and Fedora are registered trademarks of Red Hat, Inc.
Red Hat may also be refered to as RedHat on this site.
Linux is a registered trademark of Linus Torvalds.
All other trademarks are the property of their respective owners.

prev up next
CVE	CAN-2003-0465[offsite]
Updated	Tue, 06 Jul 2004 14:31:39 +0900
Summary	The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks. (text:CAN-2003-0465)
Priority	Low
Status	Closed
Status Note	Does not effect x86
Source	RHSA-2004:188-14
Link	Ultra Monkey News 2004-06-26-01
Resolved In
Kernel	None
Patch	linux-2.4.21-strncpy-zero-pad.patch (from 2.4.21-15.EL)
Red Hat Linux 7.3
Vendor	Not Vulnerable (Does not effect x86)
UltraMonkey	Not Vulnerable (Does not effect x86)
Red Hat Linux 8.0
Vendor	Not Vulnerable (Does not effect x86)
UltraMonkey	Not Vulnerable (Does not effect x86)
Red Hat Linux 9
Vendor	Not Vulnerable (Does not effect x86)
UltraMonkey	Not Vulnerable (Does not effect x86)
Fedora Core 1
Vendor	Not Vulnerable (Does not effect x86)
UltraMonkey	Not Vulnerable (Does not effect x86)
Red Hat Enterprise Linux 3
Vendor	kernel-2.4.21-15.EL
UltraMonkey	kernel-2.4.21-15.0.2.EL.um.1
Debian Woody
Vendor	Not Vulnerable (Does not effect x86)
UltraMonkey	Not Vulnerable (Does not effect x86)
Debian Sid
Vendor	Not Vulnerable (Does not effect x86)
UltraMonkey	Not Vulnerable (Does not effect x86)
local data for debugging.
Information provided here is based on the information from the links above and is intended as a refereance only.