Main Vulnerability Database SB2002070301

SB2002070301 - Missing authorization in Linux kernel

Published: July 3, 2002

Security Bulletin ID SB2002070301

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing authorization (CVE-ID: CVE-2002-0570)

The vulnerability allows a local user to corrupt data.

The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.

Remediation

Install update from vendor's website.

References

http://archives.neohapsis.com/archives/bugtraq/2002-01/0010.html
http://www.securityfocus.com/bid/3775
https://exchange.xforce.ibmcloud.com/vulnerabilities/7769