Main Vulnerability Database SB2002123104

SB2002123104 - Insufficient ui warning of dangerous operations in Linux kernel

Published: December 31, 2002

Security Bulletin ID SB2002123104

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficient ui warning of dangerous operations (CVE-ID: CVE-2002-1976)

The vulnerability allows a local user to gain access to sensitive information.

ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.

Remediation

Install update from vendor's website.

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/0279.html
http://online.securityfocus.com/archive/1/284142
http://online.securityfocus.com/archive/1/284257
http://www.iss.net/security_center/static/9676.php
http://www.securityfocus.com/bid/5304