Executive Summary

Informations
NameCVE-2003-0246First vendor Publication2003-06-16
VendorCveLast vendor Modification2008-09-10

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score3.6Attack RangeLocal
Cvss Impact Score4.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0246

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:278
 
Oval ID: oval:org.mitre.oval:def:278
Title: Linux ioperm Privilege Restriction Vulnerability
Description: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0246
Version: 2
Platform(s): Red Hat Linux 9
Product(s): Linux kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os91

OpenVAS Exploits

DateDescription
2008-01-17Name : Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2....
File : nvt/deb_442_1.nasl
2008-01-17Name : Debian Security Advisory DSA 311-1 (kernel)
File : nvt/deb_311_1.nasl
2008-01-17Name : Debian Security Advisory DSA 312-1 (kernel-patch-2.4.18-powerpc)
File : nvt/deb_312_1.nasl
2008-01-17Name : Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17...
File : nvt/deb_332_1.nasl
2008-01-17Name : Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20...
File : nvt/deb_336_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
4454Linux Kernel ioperm System Call Arbitrary Port read/write Access

Nessus® Vulnerability Scanner

DateDescription
2004-09-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-311.nasl - Type : ACT_GATHER_INFO
2004-09-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-312.nasl - Type : ACT_GATHER_INFO
2004-09-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-332.nasl - Type : ACT_GATHER_INFO
2004-09-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-336.nasl - Type : ACT_GATHER_INFO
2004-09-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-442.nasl - Type : ACT_GATHER_INFO
2004-07-31Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2003-066.nasl - Type : ACT_GATHER_INFO
2004-07-31Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2003-074.nasl - Type : ACT_GATHER_INFO
2004-07-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2003-147.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
DEBIANhttp://www.debian.org/security/2003/dsa-311
http://www.debian.org/security/2003/dsa-312
http://www.debian.org/security/2003/dsa-332
http://www.debian.org/security/2003/dsa-336
http://www.debian.org/security/2004/dsa-442
ENGARDEhttp://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
MANDRAKEhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:066
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
REDHAThttp://www.redhat.com/support/errata/RHSA-2003-147.html
http://www.redhat.com/support/errata/RHSA-2003-172.html
TURBOhttp://www.turbolinux.com/security/TLSA-2003-41.txt
VULNWATCHhttp://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:26:01
  • Multiple Updates
2013-05-11 11:50:56
  • Multiple Updates