CVE-2003-0461

Sažetak

/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.

Reference

http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
http://www.debian.org/security/2004/dsa-358
http://www.debian.org/security/2004/dsa-423
http://www.redhat.com/support/errata/RHSA-2003-238.html
http://www.redhat.com/support/errata/RHSA-2004-188.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

27-08-2003 - 04:00