Main Vulnerability Database Vulnerabilities #VU95666

Missing authorization in Linux kernel - CVE-2002-0570

Published: July 3, 2002 / Updated: December 19, 2017

Vulnerability identifier: #VU95666

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2002-0570

CWE-ID: CWE-862

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to corrupt data.

The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.

How to mitigate CVE-2002-0570

Install update from vendor's repository.

Sources

http://archives.neohapsis.com/archives/bugtraq/2002-01/0010.html
http://www.securityfocus.com/bid/3775
https://exchange.xforce.ibmcloud.com/vulnerabilities/7769

Missing authorization in Linux kernel - CVE-2002-0570

Detailed vulnerability description

How to mitigate CVE-2002-0570

Sources

Please verify you're human