Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0839

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-0839
Last Modified 21 Aug 2010 12:27:07
Published 02 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0839

Summary

Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5

  • Linux Kernel 2.6.6

  • Linux Kernel 2.6.7

  • Linux Kernel 2.6.8

  • Linux Kernel 2.6.8.1

  • Linux Kernel 2.6.9


References

MLIST - [linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.

MISC - http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ

FEDORA - FLSA:157459-3

REDHAT - RHSA-2005:366


Last Updated: 27 May 2016 10:39:57