CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
0.4%
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | 2.6.12 | cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:* |
linux | linux_kernel | 2.6.14.4 | cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:* |
bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113
rhn.redhat.com/errata/RHBA-2007-0304.html
secunia.com/advisories/17226
secunia.com/advisories/17826
secunia.com/advisories/17995
secunia.com/advisories/18203
secunia.com/advisories/19185
secunia.com/advisories/19369
secunia.com/advisories/19374
www.debian.org/security/2006/dsa-1017
www.debian.org/security/2006/dsa-1018
www.mandriva.com/security/advisories?name=MDKSA-2005:218
www.mandriva.com/security/advisories?name=MDKSA-2005:219
www.mandriva.com/security/advisories?name=MDKSA-2005:220
www.mandriva.com/security/advisories?name=MDKSA-2005:235
www.securityfocus.com/bid/15122
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10615
usn.ubuntu.com/231-1/