CVE-2005-3257

Sažetak

The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113
http://rhn.redhat.com/errata/RHBA-2007-0304.html
http://secunia.com/advisories/17226
http://secunia.com/advisories/17826
http://secunia.com/advisories/17995
http://secunia.com/advisories/18203
http://secunia.com/advisories/19185
http://secunia.com/advisories/19369
http://secunia.com/advisories/19374
http://www.debian.org/security/2006/dsa-1017
http://www.debian.org/security/2006/dsa-1018
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
http://www.securityfocus.com/bid/15122
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10615
https://usn.ubuntu.com/231-1/

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-10-2018 - 21:31

Objavljeno

18-10-2005 - 22:02