CVE-2005-0839

Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://linux.bkbits.net:8080/linux-2.6/cset%4041fa6464E1UuGu6zmketEYxm73KSyQ
http://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg64704.html
http://www.redhat.com/support/errata/RHSA-2005-366.html
http://www.securityfocus.com/archive/1/427980/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9460
http://linux.bkbits.net:8080/linux-2.6/cset%4041fa6464E1UuGu6zmketEYxm73KSyQ
http://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg64704.html
http://www.redhat.com/support/errata/RHSA-2005-366.html
http://www.securityfocus.com/archive/1/427980/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9460

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.8:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.8.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20::::::
	cpe:2.3:o:linux:linux_kernel:2.6.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.10:rc2::::::

History

20 Nov 2024, 23:56

Type	Values Removed	Values Added
References	~~() http://linux.bkbits.net:8080/linux-2.6/cset%4041fa6464E1UuGu6zmketEYxm73KSyQ -~~	() http://linux.bkbits.net:8080/linux-2.6/cset%4041fa6464E1UuGu6zmketEYxm73KSyQ -
References	~~() http://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg64704.html -~~	() http://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg64704.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2005-366.html -~~	() http://www.redhat.com/support/errata/RHSA-2005-366.html -
References	~~() http://www.securityfocus.com/archive/1/427980/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/427980/100/0/threaded -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9460 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9460 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:56

NVD link : CVE-2005-0839

Mitre link : CVE-2005-0839

CVE.ORG link : CVE-2005-0839

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

7.2 /10