CVE: CAN-2003-0465
Updated: Tue, 06 Jul 2004 14:31:39 +0900
Summary: The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad
         the buffer on architectures other than x86, as opposed to the expected
         behavior of strncpy as implemented in libc, which could lead to 
	 information leaks. (text:CAN-2003-0465)
Priority: Low
Status: Closed
Status Note: Does not effect x86
Source: RHSA-2004:188-14
Link:  http://www.ultramonkey.org/news_archive.shtml#2004062601
Resolved In:
  Kernel: None
  Patch: file://patch/linux-2.4.21-strncpy-zero-pad.patch (from 2.4.21-15.EL)
  Red Hat Linux 7.3:
         Vendor:      Not Vulnerable (Does not effect x86)
         UltraMonkey: Not Vulnerable (Does not effect x86)
  Red Hat Linux 8.0:
         Vendor:      Not Vulnerable (Does not effect x86)
         UltraMonkey: Not Vulnerable (Does not effect x86)
  Red Hat Linux 9:
         Vendor:      Not Vulnerable (Does not effect x86)
         UltraMonkey: Not Vulnerable (Does not effect x86)
  Fedora Core 1:
         Vendor:      Not Vulnerable (Does not effect x86)
         UltraMonkey: Not Vulnerable (Does not effect x86)
  Red Hat Enterprise Linux 3:
         Vendor:      kernel-2.4.21-15.EL
         UltraMonkey: kernel-2.4.21-15.0.2.EL.um.1
  Debian Woody:
         Vendor:      Not Vulnerable (Does not effect x86)
         UltraMonkey: Not Vulnerable (Does not effect x86)
  Debian Sid:
         Vendor:      Not Vulnerable (Does not effect x86)
         UltraMonkey: Not Vulnerable (Does not effect x86)