PT-2002-3161 · Debian+2 · Mkcramfs+9

Published: 1970-01-01 · Updated: 2017-10-11 · CVE-2003-0246

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Debian GNU/Linux (affected versions not specified)
Red Hat Linux kernel versions prior to 2.4.21
Red Hat Linux kernel-smp version 2.4.20
Red Hat Linux kernel-doc version 2.4.20
Red Hat Linux kernel version 2.4.20
Red Hat Linux kernel-BOOT version 2.4.20
Red Hat Linux kernel-source version 2.4.20
Red Hat Linux kernel-bigmem version 2.4.20
Red Hat Linux oprofile version 0.4
Debian GNU/Linux pcmcia-modules version 2.4.18-bf2.4
Debian GNU/Linux mkcramfs (affected versions not specified)

Description

The issue involves multiple vulnerabilities in various Linux kernel packages and related software, which can lead to disruptions in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. According to Mitre, the ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, allowing local users to gain read or write access to certain I/O ports.

Recommendations

For Debian GNU/Linux, update the pcmcia-modules and mkcramfs packages to versions that are not affected by the vulnerabilities.

For each of the following Red Hat Linux packages, update to a version that is not affected by the vulnerabilities:

kernel-smp version 2.4.20
kernel-doc version 2.4.20
kernel version 2.4.20
kernel-BOOT version 2.4.20
kernel-source version 2.4.20
kernel-bigmem version 2.4.20
oprofile version 0.4

As a temporary workaround, consider restricting access to the vulnerable kernel packages until a patch is available.

Fix

Related Identifiers

BDU:2015-02820
BDU:2015-03498
BDU:2015-07979
BDU:2015-08108
BDU:2015-08110
BDU:2015-08112
BDU:2015-08116
BDU:2015-08126
BDU:2015-08129
CVE-2003-0246
DSA-311
DSA-312
DSA-332
DSA-336
DSA-442

Affected Products

Debian
Linux Kernel
Linux Kernel-Boot
Linux Kernel-Bigmem
Linux Kernel-Doc
Linux Kernel-Smp
Linux Kernel-Source
Mkcramfs
Oprofile
Pcmcia-Modules