CVE-2005-3257

Description

The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.

CVSS Metrics

• v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.39%• Percentile: 60%

Techniques & Countermeasures

• CWE-264•Permissions, Privileges, and Access Controls

  Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

• linux•linux_kernel

  2.6.12 | 2.6.14.4

References (18)

• http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10615
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
• http://secunia.com/advisories/19369
• http://secunia.com/advisories/18203
• http://secunia.com/advisories/17226
• http://www.debian.org/security/2006/dsa-1018
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113
• http://secunia.com/advisories/19185
• http://www.securityfocus.com/bid/15122
• http://rhn.redhat.com/errata/RHBA-2007-0304.html
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
• http://secunia.com/advisories/17826
• http://www.debian.org/security/2006/dsa-1017
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
• http://secunia.com/advisories/19374
• https://usn.ubuntu.com/231-1/
• http://secunia.com/advisories/17995