ID CVE-2003-0461
Summary /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
References
Vulnerable Configurations
  • Red Hat Linux 7.1
    cpe:2.3:o:redhat:linux:7.1
  • Red Hat Linux 7.2
    cpe:2.3:o:redhat:linux:7.2
  • Red Hat Linux 7.3
    cpe:2.3:o:redhat:linux:7.3
  • Red Hat Linux 8.0
    cpe:2.3:o:redhat:linux:8.0
  • Red Hat Linux 9.0
    cpe:2.3:o:redhat:linux:9.0
CVSS
Base: 2.1 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-358.NASL
    description A number of vulnerabilities have been discovered in the Linux kernel. - CAN-2003-0461: /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. This bug has been fixed by restricting access to /proc/tty/driver/serial. - CAN-2003-0462: A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476: The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. - CAN-2003-0550: The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. This bug has been fixed by disabling STP by default. - CAN-2003-0551: The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0552: Linux 2.4.x allows remote attackers to spoof the bridge forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0018: Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. This bug has been fixed by disabling O_DIRECT. - CAN-2003-0619: Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. This advisory covers only the i386 and alpha architectures. Other architectures will be covered by separate advisories.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15195
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15195
    title Debian DSA-358-4 : linux-kernel-2.4.18 - several vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2002-263.NASL
    description The kernel in Red Hat Linux Advanced Server 2.1 is vulnerable to a local denial of service attack. Updated packages are available which address this vulnerability. [Updated 28 August 2003] Added CVE-2003-0461 to the list of security issues that were fixed by this advisory (there are no changes to the packages themselves). The Linux kernel handles the basic functions of the operating system. A vulnerability in the Linux kernel has been discovered in which a non-root user can cause the machine to freeze. This kernel addresses the vulnerability. Note: This bug is specific to the x86 architecture kernels only, and does not affect ia64 or other architectures. In addition, /proc/tty/driver/serial reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as password lengths. All users should upgrade to these errata packages, which are not vulnerable to these issues. Thanks go to Christopher Devine for reporting the vulnerability on Bugtraq, and Petr Vandrovec for being the first to supply a fix to the community.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 12337
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12337
    title RHEL 2.1 : kernel (RHSA-2002:263)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-188.NASL
    description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the second regular update. The Linux kernel handles the basic functions of the operating system. This is the second regular kernel update to Red Hat Enterprise Linux version 3. It contains several minor security fixes, many bug fixes, device driver updates, new hardware support, and the introduction of Linux Syscall Auditing support. There were bug fixes in many different parts of the kernel, the bulk of which addressed unusual situations such as error handling, race conditions, and resource starvation. The combined effect of the approximately 140 fixes is a strong improvement in the reliability and durability of Red Hat Enterprise Linux. Some of the key areas affected are disk drivers, network drivers, USB support, x86_64 and ppc64 platform support, ia64 32-bit emulation layer enablers, and the VM, NFS, IPv6, and SCSI subsystems. A significant change in the SCSI subsystem (the disabling of the scsi-affine-queue patch) should significantly improve SCSI disk driver performance in many scenarios. There were 10 Bugzillas against SCSI performance problems addressed by this change. The following drivers have been upgraded to new versions : bonding ---- 2.4.1 cciss ------ 2.4.50.RH1 e1000 ------ 5.2.30.1-k1 fusion ----- 2.05.11.03 ipr -------- 1.0.3 ips -------- 6.11.07 megaraid2 -- 2.10.1.1 qla2x00 ---- 6.07.02-RH1 tg3 -------- 3.1 z90crypt --- 1.1.4 This update introduces support for the new Intel EM64T processor. A new 'ia32e' architecture has been created to support booting on platforms based on either the original AMD Opteron CPU or the new Intel EM64T CPU. The existing 'x86_64' architecture has remained optimized for Opteron systems. Kernels for both types of systems are built from the same x86_64-architecture sources and share a common kernel source RPM (kernel-source-2.4.21-15.EL.x86_64.rpm). Other highlights in this update include a major upgrade to the SATA infrastructure, addition of IBM JS20 Power Blade support, and creation of an optional IBM eServer zSeries On-Demand Timer facility for reducing idle CPU overhead. The following security issues were addressed in this update : A minor flaw was found where /proc/tty/driver/serial reveals the exact character counts for serial links. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0461 to this issue. The kernel strncpy() function in Linux 2.4 and 2.5 does not pad the target buffer with null bytes on architectures other than x86, as opposed to the expected libc behavior, which could lead to information leaks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0465 to this issue. A minor data leak was found in two real time clock drivers (for /dev/rtc). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0984 to this issue. A flaw in the R128 Direct Render Infrastructure (dri) driver could allow local privilege escalation. This driver is part of the kernel-unsupported package. The Common Vulnera- bilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0003 to this issue. A flaw in ncp_lookup() in ncpfs could allow local privilege escalation. The ncpfs module allows a system to mount volumes of NetWare servers or print to NetWare printers and is in the kernel-unsupported package. The Common Vulnera- bilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0010 to this issue. (Note that the kernel-unsupported package contains drivers and other modules that are unsupported and therefore might contain security problems that have not been addressed.) All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12494
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12494
    title RHEL 3 : kernel (RHSA-2004:188)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-423.NASL
    description The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0018 : Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. - CAN-2003-0127 : The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process which is spawned by the kernel. - CAN-2003-0461 : The virtual file /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. - CAN-2003-0462 : A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476 : The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501 : The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. - CAN-2003-0550 : The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0551 : The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. - CAN-2003-0552 : Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0961 : An integer overflow in brk system call (do_brk function) for Linux kernel 2.4.22 and earlier allows local users to gain root privileges. - CAN-2003-0985 : The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6 does not properly perform boundary checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15260
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15260
    title Debian DSA-423-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities
oval via4
  • accepted 2007-04-25T19:52:26.364-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
    family unix
    id oval:org.mitre.oval:def:304
    status accepted
    submitted 2003-09-26T12:00:00.000-04:00
    title Red Hat Linux Kernel Serial Link Information Disclosure Vulnerability
    version 34
  • accepted 2013-04-29T04:18:51.078-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
    family unix
    id oval:org.mitre.oval:def:9330
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
    version 23
  • accepted 2012-04-23T04:00:24.894-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    • name Dragos Prisaca
      organization Symantec Corporation
    description /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
    family unix
    id oval:org.mitre.oval:def:997
    status accepted
    submitted 2004-05-12T12:00:00.000-04:00
    title Red Hat Enterprise Linux 3 Kernel Serial Link Information Disclosure Vulnerability
    version 36
redhat via4
advisories
  • rhsa
    id RHSA-2003:238
  • rhsa
    id RHSA-2004:188
refmap via4
debian
  • DSA-358
  • DSA-423
misc http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
Last major update 21-08-2010 - 00:16
Published 27-08-2003 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top