CVSS2 score: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.0004 (Low), percentile 0.4%
Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access.
A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read many of these settings. The program takes as parameters a buffer location and length. The length parameter is declared as signed and therefore accepts negative values. According to Chris Evans, the discoverer of this vulnerability, “by specifying a negative buffer length, a user can read pretty arbitrary memory.” This flaw allows attackers to read privileged Linux kernel memory and, ultimately, gain root access. Linux kernel versions 2.2.18 and earlier are vulnerable to this flaw. Any Linux product that depends on such a kernel is therefore vulnerable.
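The signed-length flaw described above, as an added example: a simplified user-space model of the pattern, not the Linux 2.2.18 source and not code from this note. The names `SETTING_SIZE`, `effective_len_signed` and `effective_len_checked` and the clamp-style bounds check are assumptions made for illustration. It shows why a signed upper-bound check lets a negative length through, and the check that rejects it.

```c
#include <stddef.h>
#include <stdio.h>

#define SETTING_SIZE 64  /* constructed size of the kernel-side value */

/* Flawed pattern: the caller's length is kept in a signed int, so the
 * upper-bound clamp is a signed comparison. A negative value is "smaller"
 * than SETTING_SIZE and passes untouched, then widens to a huge size_t
 * when handed to a copy routine that takes an unsigned count. */
static size_t effective_len_signed(int user_len)
{
    int len = user_len;
    if (len > SETTING_SIZE)      /* signed compare: -1 > 64 is false */
        len = SETTING_SIZE;
    return (size_t)len;          /* -1 becomes the largest size_t value */
}

/* Hardened pattern: reject negatives before any arithmetic, then clamp
 * in an unsigned type. Returns 0 on success, -1 on rejected input. */
static int effective_len_checked(int user_len, size_t *out)
{
    if (user_len < 0)
        return -1;
    size_t len = (size_t)user_len;
    if (len > SETTING_SIZE)
        len = SETTING_SIZE;
    *out = len;
    return 0;
}

int main(void)
{
    int samples[] = { 16, 64, 4096, -1 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t safe = 0;
        int rc = effective_len_checked(samples[i], &safe);
        printf("len=%5d  signed-clamp=%zu  checked=%s(%zu)\n",
               samples[i], effective_len_signed(samples[i]),
               rc == 0 ? "ok" : "rejected", safe);
    }
    return 0;
}
```

Only the computed lengths are compared; no memory is copied, so the model is safe to run on any host.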
Unprivileged local users can read privileged kernel space addresses and, potentially, gain privileged (root) access.
Upgrade the Linux kernel to version 2.2.19 or later. The release notes for Linux 2.2.19 at <http://www.linux.org.uk/VERSION/relnotes.2219.html> describe the security fix. For users of specific Linux vendors, use the vendor-specific upgrades for convenience and consistency.
698640
Notified: February 08, 2001 Updated: June 26, 2001
Affected
Caldera’s fix for this vulnerability is at <http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23698640 Feedback>).
Notified: April 19, 2001 Updated: June 26, 2001
Affected
Conectiva’s fix for this vulnerability is at <http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000394>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2001 Updated: June 26, 2001
Affected
Debian’s fix for this vulnerability is at <http://www.debian.org/security/2001/dsa-047>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: February 08, 2001 Updated: June 26, 2001
Affected
Immunix’s fix for this vulnerability is at <http://download.immunix.org/ImmunixOS/7.0-beta/updates/IMNX-2001-70-002-01>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 17, 2001 Updated: June 26, 2001
Affected
MandrakeSoft’s fix for this vulnerability is at <http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-037.php3?dis=7.0>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: February 08, 2001 Updated: June 26, 2001
Affected
Red Hat provides fixes to this vulnerability at either <http://www.redhat.com/support/errata/RHSA-2001-013.html> or <http://www.redhat.com/support/errata/RHSA-2001-047.html>. The latter link is their most recent word on this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 17, 2001 Updated: June 26, 2001
Affected
SuSE’s fix for this vulnerability is at <http://www.securityfocus.com/archive/1/185199>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: February 13, 2001 Updated: June 26, 2001
Affected
Trustix’s fix for this vulnerability is at <http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 18, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
BugTraq reported Slackware Linux vulnerable to this flaw at <http://www.securityfocus.com/bid/2364>. The CERT/CC has no additional information at this time.
Thanks to Chris Evans for discovering this vulnerability.
This document was written by Andrew P. Moore.
CVE IDs: CVE-2001-0316
Severity Metric: 9.22
Date Public:
archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
distro.conectiva.com/atualizacoes/?id=a&anuncio=000394
download.immunix.org/ImmunixOS/7.0-beta/updates/IMNX-2001-70-002-01
www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
www.ciac.org/ciac/bulletins/l-045.shtml
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0316
www.debian.org/security/2001/dsa-047
www.linux-mandrake.com/en/updates/2001/MDKSA-2001-037.php3?dis=7.0
www.linux.org.uk/VERSION/relnotes.2219.html
www.redhat.com/support/errata/RHSA-2001-013.html
www.redhat.com/support/errata/RHSA-2001-047.html
www.securityfocus.com/archive/1/161568
www.securityfocus.com/archive/1/185199
www.securityfocus.com/archive/59/162008
www.securityfocus.com/bid/2364