Improper access control in Linux kernel - CVE-2003-0246
Published: June 16, 2003 / Updated: October 11, 2017
Vulnerability identifier: #VU95663
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2003-0246
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to read and manipulate data.
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
How to mitigate CVE-2003-0246
Install update from vendor's repository.
Sources
- http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
- http://marc.info/?l=bugtraq&m=105301461726555&w=2
- http://www.debian.org/security/2003/dsa-311
- http://www.debian.org/security/2003/dsa-312
- http://www.debian.org/security/2003/dsa-332
- http://www.debian.org/security/2003/dsa-336
- http://www.debian.org/security/2004/dsa-442
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
- http://www.redhat.com/support/errata/RHSA-2003-147.html
- http://www.redhat.com/support/errata/RHSA-2003-172.html
- http://www.turbolinux.com/security/TLSA-2003-41.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A278