CVE-2002-1976

NameCVE-2002-1976
Descriptionifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
net-tools (PTS)jessie1.60-26vulnerable
stretch1.60+git20161116.90da8a0-1vulnerable
buster1.60+git20180626.aebd88e-1vulnerable
bullseye1.60+git20181103.0eebece-1+deb11u1vulnerable
bookworm2.10-0.1vulnerable
sid, trixie2.10-1.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
net-toolssource(unstable)(unfixed)unimportant

Notes

This seems to be a misunderstanding of what the PROMISC flag
is about. ifconfig reports properly when it is set using
"ifconfig promisc".
Search for package or bug name: Reporting problems