Vulnerability Name:

CVE-2005-3257 (CCN-28866)

Assigned:2005-10-15
Published:2005-10-15
Updated:2018-10-03
Summary:The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Debian Bug report logs - #334113
linux-image-2.6.12-1-powerpc: kernel allows loadkeys to be used by any user, allowing for local root compromise

Source: CONFIRM
Type: Exploit, Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113

Source: MITRE
Type: CNA
CVE-2005-3257

Source: REDHAT
Type: UNKNOWN
RHBA-2007-0304

Source: CCN
Type: SA17226
Linux Kernel Console Keyboard Mapping Shell Command Injection

Source: SECUNIA
Type: Vendor Advisory
17226

Source: SECUNIA
Type: Vendor Advisory
17826

Source: SECUNIA
Type: Vendor Advisory
17995

Source: SECUNIA
Type: Vendor Advisory
18203

Source: SECUNIA
Type: Vendor Advisory
19185

Source: SECUNIA
Type: Vendor Advisory
19369

Source: SECUNIA
Type: Vendor Advisory
19374

Source: DEBIAN
Type: UNKNOWN
DSA-1017

Source: DEBIAN
Type: UNKNOWN
DSA-1018

Source: DEBIAN
Type: DSA-1017
kernel-source-2.6.8 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1018
kernel-source-2.4.27 -- several vulnerabilities

Source: CCN
Type: The The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:218

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:219

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:220

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:235

Source: CCN
Type: OSVDB ID: 20061
Linux Kernel loadkeys Console Keyboard Mapping Local Privilege Escalation

Source: BID
Type: UNKNOWN
15122

Source: CCN
Type: BID-15122
Linux Kernel Console Keymap Local Command Injection Vulnerability

Source: CCN
Type: USN-231-1
Linux kernel vulnerabilities

Source: XF
Type: UNKNOWN
kernel-loadkeys-privilege-escalation(28866)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10615

Source: UBUNTU
Type: UNKNOWN
USN-231-1

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10615
    V
    		The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
    2013-04-29
    oval:org.debian:def:1018
    V
    		several vulnerabilities
    2013-01-21
    oval:com.redhat.rhba:def:20070304
    P
    		RHBA-2007:0304: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 5 (Important)
    2008-03-20
    oval:org.debian:def:1017
    V
    		several vulnerabilities
    2006-03-23
    BACK
    linux linux kernel 2.6.12
    linux linux kernel 2.6.14.4
    linux linux kernel 2.6.14.4
    linux linux kernel 2.6.12
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    debian debian linux 3.1
    mandrakesoft mandrake multi network firewall 2.0
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0