Insufficient ui warning of dangerous operations in Linux kernel - CVE-2002-1976
Published: December 31, 2002 / Updated: September 5, 2008
Vulnerability identifier: #VU99978
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2002-1976
CWE-ID: CWE-357
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.
How to mitigate CVE-2002-1976
Install update from vendor's repository.