Title: Linux Kernel ext2 Directory Creation Arbitrary Memory Disclosure
Mar 25, 2005
Mar 15, 2005
Jan 01, 2001
The Linux kernel EXT2 filesystem contains a flaw that may lead to an unauthorized information disclosure. The 'ext2_make_empty()' function does not properly clear filesystem contents when creating a directory, so the block written to store the '.' and '..' directory entries remains uninitialized. Up to 4,072 bytes of kernel memory may be leaked on each directory creation, which may allow a malicious user to disclose sensitive kernel memory contents, resulting in a loss of confidentiality.
Local Access Required
Loss of Confidentiality
Upgrade to version 2.4.30-rc2, 126.96.36.199 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
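The uninitialized-block condition described above, as an added user-space C model (not kernel code and not part of the original entry). It assumes a 4,096-byte block and 12-byte '.' and '..' records, which is where 4,096 - 24 = 4,072 comes from; `make_empty`, `stale_bytes` and `demo` are hypothetical names, the 0xAA fill is constructed stand-in data, and zeroing the block first is shown as one way to close the gap, not as the kernel's actual patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BLOCK_SIZE 4096u                        /* assumed block size */
#define DIR_REC_LEN(n) (((n) + 8u + 3u) & ~3u)  /* 8-byte header + name, 4-byte aligned */

/* ext2 directory entry header; the name bytes follow it in the block. */
struct dirent_hdr { uint32_t inode; uint16_t rec_len; uint8_t name_len; uint8_t file_type; };

/* Write one entry at off; returns the bytes actually written (header + padded name). */
static size_t put_entry(uint8_t *blk, size_t off, uint32_t ino,
                        uint16_t rec_len, const char *name)
{
    struct dirent_hdr h = { ino, rec_len, (uint8_t)strlen(name), 2 /* directory */ };
    size_t used = DIR_REC_LEN(h.name_len);
    memset(blk + off, 0, used);                 /* the entry's own padding is clean */
    memcpy(blk + off, &h, sizeof h);
    memcpy(blk + off + sizeof h, name, h.name_len);
    return used;
}

/* Model of the '.'/'..' setup. clear_first=0 reuses the block as-is (the flaw);
 * clear_first=1 zeroes it before use. Returns the offset where the entries end. */
size_t make_empty(uint8_t *blk, uint32_t self, uint32_t parent, int clear_first)
{
    if (clear_first) memset(blk, 0, BLOCK_SIZE);
    size_t off = put_entry(blk, 0, self, (uint16_t)DIR_REC_LEN(1), ".");
    /* '..' claims the rest of the block through rec_len, but only 12 bytes are written */
    off += put_entry(blk, off, parent, (uint16_t)(BLOCK_SIZE - off), "..");
    return off;
}

/* Count non-zero bytes in the slack after the entries, i.e. leftover data in the block. */
size_t stale_bytes(const uint8_t *blk, size_t entries_end)
{
    size_t n = 0;
    for (size_t i = entries_end; i < BLOCK_SIZE; i++) n += (blk[i] != 0);
    return n;
}

/* Constructed demo: a buffer pre-filled with 0xAA stands in for leftover memory. */
size_t demo(int clear_first)
{
    static uint8_t blk[BLOCK_SIZE];
    memset(blk, 0xAA, sizeof blk);
    return stale_bytes(blk, make_empty(blk, 2, 2, clear_first));
}

int main(void) { return (demo(0) == 4072 && demo(1) == 0) ? 0 : 1; }
```

The same `stale_bytes` walk can be pointed at a directory block read from a filesystem image to check whether the slack after '..' holds non-zero data.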