CVE: CAN-2004-0133
Updated: Tue, 06 Jul 2004 14:03:50 +0900
Summary: The XFS file system code in Linux 2.4.x has an information leak in
         which in-memory data is written to the device for an ext3 file 
	 system, which allows local users to obtain sensitive information by 
	 reading the raw device. (text:CAN-2004-0133)
Status: Closed
Priority: Low
Source: FEDORA-2004-111
Link:  http://www.ultramonkey.org/news_archive.shtml#2004062601
Resolved In:
  Kernel: 2.4.26-pre2 (XFS added to the kernel in 2.4.25)
  Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.1302.38.1??index.html
  Red Hat Linux 7.3:
          Vendor:      Not Vulnerable (<2.4.25)
          UltraMonkey: Not Vulnerable (<2.4.25)
  Red Hat Linux 8.0:
          Vendor:      Not Vulnerable (<2.4.25)
          UltraMonkey: Not Vulnerable (<2.4.25)
  Red Hat Linux 9:
          Vendor:      Not Vulnerable (<2.4.25)
          UltraMonkey: Not Vulnerable (<2.4.25)
  Fedora Core 1:
          Vendor:      kernel-2.4.22-1.2188.nptl
          UltraMonkey: kernel-2.4.22-1.2194.nptl.um.1
  Red Hat Enterprise Linux 3:
          Vendor:      Not Vulnerable (<2.4.25)
          UltraMonkey: Not Vulnerable (<2.4.25)
  Debian Woody:
          Vendor:      Not Vulnerable (<2.4.25)
          UltraMonkey: Not Vulnerable (<2.4.25)
  Debian Sid:
          Vendor:      kernel-source-2.4.26_2.4.26-1
          UltraMonkey: Not Vulnerable (<2.4.25)