Vulnerability Description
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.12 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113ExploitVendor Advisory
- http://rhn.redhat.com/errata/RHBA-2007-0304.html
- http://secunia.com/advisories/17226Vendor Advisory
- http://secunia.com/advisories/17826Vendor Advisory
- http://secunia.com/advisories/17995Vendor Advisory
- http://secunia.com/advisories/18203Vendor Advisory
- http://secunia.com/advisories/19185Vendor Advisory
- http://secunia.com/advisories/19369Vendor Advisory
- http://secunia.com/advisories/19374Vendor Advisory
- http://www.debian.org/security/2006/dsa-1017
- http://www.debian.org/security/2006/dsa-1018
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
FAQ
What is CVE-2005-3257?
CVE-2005-3257 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges...
How severe is CVE-2005-3257?
CVE-2005-3257 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3257?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.