Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-3257

The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.

Published

2005-10-18T22:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	2.6.12	Yes
Operating System	linux	linux_kernel	2.6.14.4	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113 Exploit, Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHBA-2007-0304.html ([email protected])
http://secunia.com/advisories/17226 Vendor Advisory ([email protected])
http://secunia.com/advisories/17826 Vendor Advisory ([email protected])
http://secunia.com/advisories/17995 Vendor Advisory ([email protected])
http://secunia.com/advisories/18203 Vendor Advisory ([email protected])
http://secunia.com/advisories/19185 Vendor Advisory ([email protected])
http://secunia.com/advisories/19369 Vendor Advisory ([email protected])
http://secunia.com/advisories/19374 Vendor Advisory ([email protected])
http://www.debian.org/security/2006/dsa-1017 ([email protected])
http://www.debian.org/security/2006/dsa-1018 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235 ([email protected])
http://www.securityfocus.com/bid/15122 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10615 ([email protected])
https://usn.ubuntu.com/231-1/ ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHBA-2007-0304.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17226 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17826 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17995 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18203 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19185 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19369 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19374 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1017 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1018 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/15122 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10615 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/231-1/ (af854a3a-2127-422b-91ae-364da2661108)