ID CVE-2003-0461
Summary /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
oval via4
  • accepted 2007-04-25T19:52:26.364-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
    family unix
    id oval:org.mitre.oval:def:304
    status accepted
    submitted 2003-09-26T12:00:00.000-04:00
    title Red Hat Linux Kernel Serial Link Information Disclosure Vulnerability
    version 38
  • accepted 2013-04-29T04:18:51.078-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
    family unix
    id oval:org.mitre.oval:def:9330
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
    version 29
  • accepted 2012-04-23T04:00:24.894-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    • name Dragos Prisaca
      organization Symantec Corporation
    description /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
    family unix
    id oval:org.mitre.oval:def:997
    status accepted
    submitted 2004-05-12T12:00:00.000-04:00
    title Red Hat Enterprise Linux 3 Kernel Serial Link Information Disclosure Vulnerability
    version 40
redhat via4
advisories
  • rhsa
    id RHSA-2003:238
  • rhsa
    id RHSA-2004:188
rpms
  • kernel-0:2.4.21-15.EL
  • kernel-BOOT-0:2.4.21-15.EL
  • kernel-debuginfo-0:2.4.21-15.EL
  • kernel-doc-0:2.4.21-15.EL
  • kernel-hugemem-0:2.4.21-15.EL
  • kernel-hugemem-unsupported-0:2.4.21-15.EL
  • kernel-smp-0:2.4.21-15.EL
  • kernel-smp-unsupported-0:2.4.21-15.EL
  • kernel-source-0:2.4.21-15.EL
  • kernel-unsupported-0:2.4.21-15.EL
refmap via4
debian
  • DSA-358
  • DSA-423
misc http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
Last major update 11-10-2017 - 01:29
Published 27-08-2003 - 04:00
Last modified 11-10-2017 - 01:29