CVE-2005-3257
First published: Tue Oct 18 2005(Updated: )
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | =2.6.14.4 | |
| Linux kernel | =2.6.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113
- http://www.securityfocus.com/bid/15122
- http://secunia.com/advisories/17995
- http://secunia.com/advisories/18203
- http://secunia.com/advisories/17226
- http://www.debian.org/security/2006/dsa-1017
- http://secunia.com/advisories/17826
- http://www.debian.org/security/2006/dsa-1018
- http://secunia.com/advisories/19374
- http://secunia.com/advisories/19369
- http://secunia.com/advisories/19185
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
- http://rhn.redhat.com/errata/RHBA-2007-0304.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10615
- https://usn.ubuntu.com/231-1/
Frequently Asked Questions
What is the severity of CVE-2005-3257?
CVE-2005-3257 is considered to have a medium severity rating due to its potential for privilege escalation.
How do I fix CVE-2005-3257?
To fix CVE-2005-3257, it is recommended to update the Linux kernel to a version that is not vulnerable to this issue.
Which versions of Linux Kernel are affected by CVE-2005-3257?
CVE-2005-3257 affects Linux kernel versions 2.6.12 and 2.6.14.4, among possible other versions.
Who can exploit the vulnerability in CVE-2005-3257?
Local users can exploit the vulnerability in CVE-2005-3257 by using the KDSKBSENT ioctl on terminals of other users.
What type of attack is associated with CVE-2005-3257?
CVE-2005-3257 is associated with a privilege escalation attack that allows unauthorized modification of keybindings.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.12
- version/linux kernel/2.6.14.4