Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1976

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2002-1976
Last Modified 05 Sep 2008 04:32:00
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1976

Summary

ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.

Vulnerable Systems

Operating System

  • Linux Kernel 2.2.0

  • Linux Kernel 2.2.1

  • Linux Kernel 2.2.10

  • Linux Kernel 2.2.11

  • Linux Kernel 2.2.12

  • Linux Kernel 2.2.13

  • Linux Kernel 2.2.14

  • Linux Kernel 2.2.15

  • Linux Kernel 2.2.16

  • Linux Kernel 2.2.17

  • Linux Kernel 2.2.18

  • Linux Kernel 2.2.19

  • Linux Kernel 2.2.2

  • Linux Kernel 2.2.20

  • Linux Kernel 2.2.3

  • Linux Kernel 2.2.4

  • Linux Kernel 2.2.5

  • Linux Kernel 2.2.6

  • Linux Kernel 2.2.7

  • Linux Kernel 2.2.8

  • Linux Kernel 2.2.9

  • Linux Kernel 2.3.0

  • Linux Kernel 2.3.99

  • Linux Kernel 2.4.0

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9


References

BID - 5304

XF - linux-ifconfig-promiscuous-mode(9676)

BUGTRAQ - 20020724 Interface promiscuity obscurity in Linux


Last Updated: 27 May 2016 10:37:34