CVE-2005-3257

high

Description

The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.

References

https://usn.ubuntu.com/231-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10615

http://www.securityfocus.com/bid/15122

http://www.mandriva.com/security/advisories?name=MDKSA-2005:235

http://www.mandriva.com/security/advisories?name=MDKSA-2005:220

http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

http://www.mandriva.com/security/advisories?name=MDKSA-2005:218

http://www.debian.org/security/2006/dsa-1018

http://www.debian.org/security/2006/dsa-1017

http://secunia.com/advisories/19374

http://secunia.com/advisories/19369

http://secunia.com/advisories/19185

http://secunia.com/advisories/18203

http://secunia.com/advisories/17995

http://secunia.com/advisories/17826

http://secunia.com/advisories/17226

http://rhn.redhat.com/errata/RHBA-2007-0304.html

Details

Source: Mitre, NVD

Published: 2005-10-18

Updated: 2018-10-03

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High