Vulnerability Description
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.2.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0010.htmlVendor Advisory
- http://www.securityfocus.com/bid/3775Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7769
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0010.htmlVendor Advisory
- http://www.securityfocus.com/bid/3775Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7769
FAQ
What is CVE-2002-0570?
CVE-2002-0570 is a vulnerability with a CVSS score of 2.1 (LOW). The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
How severe is CVE-2002-0570?
CVE-2002-0570 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0570?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.