CVE-2002-1976

high

Description

ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.

References

http://www.securityfocus.com/bid/5304

http://www.iss.net/security_center/static/9676.php

http://online.securityfocus.com/archive/1/284257

http://online.securityfocus.com/archive/1/284142

http://archives.neohapsis.com/archives/bugtraq/2002-07/0279.html

Details

Source: Mitre, NVD

Published: 2002-12-31

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00075