Lucene search

K

[email protected]CVE-2003-0461

HistoryAug 27, 2003 - 4:00 a.m.

CVE-2003-0461

2003-08-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

34

cve-2003-0461

linux

serial link

information disclosure

password length

5.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.

CPENameOperatorVersion
redhat:linuxredhat linuxeq7.2
redhat:linuxredhat linuxeq8.0
redhat:linuxredhat linuxeq7.3
redhat:linuxredhat linuxeq9.0
redhat:linuxredhat linuxeq7.1

References

rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html

www.debian.org/security/2004/dsa-358

www.debian.org/security/2004/dsa-423

www.redhat.com/support/errata/RHSA-2003-238.html

www.redhat.com/support/errata/RHSA-2004-188.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997

5.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

Related for CVE-2003-0461

ubuntucve1 nessus4 redhat1 securityvulns1 openvas4 debian3 osv2