CVE-2005-3257
Published 2005-10-18
CVE-2005-3257: The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on…
Priority P420 · medium · 4.6 · CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.06% (60.2th percentile)
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 4.6 MEDIUM
vendor_ubuntu · 4.6 MEDIUM
GHSA
GHSA-j6qw-vjcv-x9q7: The VT implementation (vt_ioctl
ghsa_unreviewed·2022-05-01
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2005-12-23·CVSS 4.6
Rudolf Polzer reported an abuse of the 'loadkeys' command. By
redefining one or more keys and tricking another user (like root) into
logging in on a text console and typing something that involves the
redefined keys, a local user could cause execution of arbitrary
commands with the privileges of the target user. The updated kernel
restricts the usage of 'loadkeys' to root. (CVE-2005-3257)
The ptrace() system call did not correctly check whether a process
tried to attach to itself. A local attacker could exploit this to
cause a kernel crash. (CVE-2005-3783)
A Denial of Service vulnerability was found in the handler that
automatically cleans up and terminates child processes that are not
correctly handled by their
Red Hat
security flaw
vendor_redhat·2005-10-15·CVSS 4.6
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
No detection rules found.
Bugzilla
CVE-2005-3257 security flaw
bugzilla·2018-08-16·CVSS 4.6
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
Bugzilla
CVE-2005-3257 loadkeys key bindings
bugzilla·2005-11-03·CVSS 4.6
"The VT implementation (vt_ioctl.c) allows local users to use certain IOCTLs on
terminals of other users and gain privileges, as demonstrated by modifying key
bindings using loadkeys"
Thread here:
http://www.gossamer-threads.com/lists/linux/kernel/580641
Committed upstream fix to allow only root to use setkeys:
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
Discussion:
Created attachment 128857
updated patch
updated patch based on e3f17f0f6e98f58edb13cb38810d93e6d4808e68 commit
---
OK, tested it on RHEL4, but it seems to break the initscripts package's assumption
(/etc/profile.d/lang.sh) of a user being able to load keymaps. Probably this
fix is already on Fedora, so I'll take a look.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113
http://rhn.redhat.com/errata/RHBA-2007-0304.html
http://secunia.com/advisories/17226
http://secunia.com/advisories/17826
http://secunia.com/advisories/17995
http://secunia.com/advisories/18203
http://secunia.com/advisories/19185
http://secunia.com/advisories/19369
http://secunia.com/advisories/19374
http://www.debian.org/security/2006/dsa-1017
http://www.debian.org/security/2006/dsa-1018
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
http://www.securityfocus.com/bid/15122
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10615
https://usn.ubuntu.com/231-1/