Improper privilege management in Linux kernel - CVE-2002-0429
Published: August 12, 2002 / Updated: October 18, 2016
Vulnerability identifier: #VU100002
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2002-0429
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to manipulate or delete data.
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
How to mitigate CVE-2002-0429
Install update from vendor's repository.
Sources
- http://marc.info/?l=bugtraq&m=101561298818888&w=2
- http://www.debian.org/security/2003/dsa-311
- http://www.debian.org/security/2003/dsa-312
- http://www.debian.org/security/2003/dsa-332
- http://www.debian.org/security/2003/dsa-336
- http://www.debian.org/security/2004/dsa-442
- http://www.iss.net/security_center/static/8420.php
- http://www.openwall.com/linux/
- http://www.redhat.com/support/errata/RHSA-2002-158.html
- http://www.securityfocus.com/bid/4259