Vulnerability Name:

CVE-2001-1391 (CCN-11162)

Assigned:2001-04-09
Published:2001-04-09
Updated:2017-10-10
Summary:Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Caldera Systems, Inc. Security Advisory CSSA-2001-012.0
several security problems in linux kernel

Source: MITRE
Type: CNA
CVE-2001-1391

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:394
kernel

Source: IMMUNIX
Type: UNKNOWN
IMNX-2001-70-010-01

Source: CALDERA
Type: UNKNOWN
CSSA-2001-012.0

Source: BUGTRAQ
Type: UNKNOWN
20010405 Trustix Security Advisory #2001-0003 - kernel

Source: BUGTRAQ
Type: UNKNOWN
20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2001:037

Source: CONECTIVA
Type: UNKNOWN
CLA-2001:394

Source: SUSE
Type: UNKNOWN
SuSE-SA:2001:018

Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-010-01
kernel

Source: CCN
Type: Progeny Linux Systems Security Advisory PROGENY-SA-2001-01
execve()/ptrace() exploit in Linux kernels prior to 2.2.19

Source: CCN
Type: RHSA-2001-047
Linux kernel 2.2.19 now available

Source: CCN
Type: RHSA-2002-210
New kernel 2.2 packages fix local vulnerabilities

Source: DEBIAN
Type: DSA-047
kernel -- multiple security problems

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: CONFIRM
Type: UNKNOWN
http://www.linux.org.uk/VERSION/relnotes.2219.html

Source: CCN
Type: OSVDB ID: 9573
Linux Kernel CPIA Driver Arbitrary Memory Modification

Source: REDHAT
Type: Vendor Advisory
RHSA-2001:047

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:18
kernel

Source: CCN
Type: Trustix Secure Linux Security Advisory #2001-0003
kernel

Source: CCN
Type: USSG Indiana University Web Site
Linux 2.2.19 Release Notes

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2001:037
kernel

Source: XF
Type: UNKNOWN
linux-cpia-memory-overwrite(11162)

Source: DEBIAN
Type: UNKNOWN
DSA-047

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.2.19)

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.13:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.15:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.16:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.17:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.01:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.debian:def:47
    Class: V
    Title: multiple security problems
    Last Modified: 2001-04-16
    linux linux kernel *
    linux linux kernel 2.2.0
    linux linux kernel 2.2.1
    linux linux kernel 2.2.5
    linux linux kernel 2.2.14
    linux linux kernel 2.2.2
    linux linux kernel 2.2.3
    linux linux kernel 2.2.7
    linux linux kernel 2.2.8
    linux linux kernel 2.2.9
    linux linux kernel 2.2.10
    linux linux kernel 2.2.11
    linux linux kernel 2.2.12
    linux linux kernel 2.2.13
    linux linux kernel 2.2.15
    linux linux kernel 2.2.16
    linux linux kernel 2.2.17
    linux linux kernel 2.2.18
    linux linux kernel 2.2.4
    linux linux kernel 2.2.6
    suse suse linux 6.2
    suse suse linux 6.0
    redhat linux 6.2
    suse suse linux 6.3
    suse suse linux 6.4
    debian debian linux 2.2
    mandrakesoft mandrake linux 7.0
    suse suse linux 6.1
    mandrakesoft mandrake linux 7.1
    mandrakesoft mandrake linux 6.0
    mandrakesoft mandrake linux 6.1
    trustix secure linux 1.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    suse suse linux 7.0
    mandrakesoft mandrake linux corporate server 1.0.1
    suse suse linux 7.1
    trustix secure linux 1.01
    trustix secure linux 1.2