Apple Computer Inc. Not Affected

Notified:  March 10, 2004 Updated: March 11, 2004

Status

Not Affected

Vendor Statement

Apple: Not Vulnerable

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Astaro Affected

Updated:  March 25, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Up2Date 4.021 #35996.

Conectiva Affected

Notified:  March 10, 2004 Updated: March 11, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see CLSA-2004:820.

Cray Inc. Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Affected

Notified:  March 10, 2004 Updated: March 11, 2004

Status

Affected

Vendor Statement

We have fixed this problem for our various kernels in the following advisories: http://www.debian.org/security/2004/dsa-456 http://www.debian.org/security/2004/dsa-454 http://www.debian.org/security/2004/dsa-453 http://www.debian.org/security/2004/dsa-450 http://www.debian.org/security/2004/dsa-444 http://www.debian.org/security/2004/dsa-442 http://www.debian.org/security/2004/dsa-440 http://www.debian.org/security/2004/dsa-439 http://www.debian.org/security/2004/dsa-441 http://www.debian.org/security/2004/dsa-438

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

EMC Corporation Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fedora Legacy Project Affected

Updated:  March 25, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see FLSA:1284.

Fedora Project Affected

Updated:  March 25, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see FEDORA-2004-080.

FreeBSD Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Not Affected

Notified:  March 10, 2004 Updated: March 25, 2004

Status

Not Affected

Vendor Statement

Fujitsu's UXP/V o.s. is not affected by the problem in VU#981222 because it does not support the mremap.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Gentoo Linux Affected

Updated:  March 11, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see GLSA 200403-02.

Guardian Digital Inc. Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hitachi Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Unknown

Notified:  March 10, 2004 Updated: March 25, 2004

Status

Unknown

Vendor Statement

IBM eServer Platform Response For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/security=alerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be reffered to servsec@us.ibm.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Ingrian Networks Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Linux Kernel Archives Affected

Updated:  March 10, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is resolved in Linux kernels 2.2.26, 2.4.25, and 2.6.3.

Linux Netwosix Affected

Updated:  March 25, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see LNSA-#2004-0003.

MandrakeSoft Affected

Notified:  March 10, 2004 Updated: March 25, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see MDKSA-2004:015 and MDKSA-2004:015-1.

MontaVista Software Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Not Affected

Notified:  March 10, 2004 Updated: March 25, 2004

Status

Not Affected

Vendor Statement

NetBSD is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nokia Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Novell Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Affected

Notified:  March 10, 2004 Updated: March 25, 2004

Status

Affected

Vendor Statement

No supported release of Openwall GNU/*/Linux (Owl) was affected by this vulnerability as of the time it was made public. We had the bug proactively fixed in Owl 1.1 release (Linux kernel 2.4.23-ow2), not realizing its full security impact at the time. Although those are no longer a part of Owl (not in Owl 1.1), we continue to maintain security hardening patches for Linux 2.2.x kernels and make them available for the public. Linux 2.2.x was affected by a variation of this vulnerability and thus, as a service to the community, we had included a workaround in Linux 2.2.25-ow2 patch. Linux 2.2.26 now includes the same change.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Affected

Notified:  March 10, 2004 Updated: March 11, 2004

Status

Affected

Vendor Statement

Updates to correct this issue were made available for Red Hat Linux and Red Hat Enterprise Linux. Users of the Red Hat Network can update their systems using the 'up2date' tool. Red Hat Linux 9: http://rhn.redhat.com/errata/RHSA-2004-065.html Red Hat Enterprise Linux 3: http://rhn.redhat.com/errata/RHSA-2004-066.html Red Hat Enterprise Linux 2.1: http://rhn.redhat.com/errata/RHSA-2004-069.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SCO Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Affected

Notified:  March 10, 2004 Updated: March 25, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see 20040204-01-U.

Slackware Affected

Updated:  March 25, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see SSA:2004-049-01.

SmoothWall Affected

Updated:  March 11, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see SWL-2004:002.

Sony Corporation Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Affected

Notified:  March 10, 2004 Updated: March 25, 2004

Status

Affected

Vendor Statement

The following Sun products are vulnerable. Java Desktop System Version 2003. A patch is available to customers via the on-line update mechanism in JDS. Please see http://wwws.sun.com/software/javadesktopsystem/update/index.html for further details. Sun Cobalt legacy products: RaQ4 RaQXTR Qube3 RaQ550 Sun will be publishing Sun Alerts for this issue which will be available from the following location: http://sunsolve.Sun.COM/pub-cgi/search.pl?mode=results&so=date&coll=fsalert&zone_32=category:security The Sun Alerts will be updated with the patch information as soon as patches are available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc. Affected

Notified:  March 10, 2004 Updated: March 11, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see SuSE-SA:2004:005.

Trustix Affected

Updated:  March 11, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see TSLSA-2004-0007 (Trustix 2.0, kernel 2.4.24) and TSLSA-2004-0008 (Trustix 1.5, kernel 2.2.25).

TurboLinux Affected

Notified:  March 10, 2004 Updated: March 11, 2004

Status

Affected

Vendor Statement

This Vulnerability is fixed by TLSA-2004-7. Please refer to http://www.turbolinux.com/security/2004/TLSA-2004-7.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc. Unknown

Updated:  March 11, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex Affected

Notified:  March 10, 2004 Updated: March 11, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see IMNX-2004-7+-001-01.

View all 41 vendors View less vendors