The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 2.4.0 (including) | 2.4.0 (including) |
| Linux_kernel | Linux | 2.5.0 (including) | 2.5.0 (including) |
| Red Hat Enterprise Linux 3 | RedHat | kernel-0:2.4.21-15.EL | * |
| Kernel-source-2.4.27 | Ubuntu | dapper | * |
| Kernel-source-2.4.27 | Ubuntu | edgy | * |
References
- http://marc.info/?l=linux-kernel\u0026m=105796021120436\u0026w=2
- http://marc.info/?l=linux-kernel\u0026m=105796415223490\u0026w=2
- http://www.redhat.com/support/errata/RHSA-2004-188.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285
- http://marc.info/?l=linux-kernel\u0026m=105796021120436\u0026w=2
- http://marc.info/?l=linux-kernel\u0026m=105796415223490\u0026w=2
- http://www.redhat.com/support/errata/RHSA-2004-188.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285