Candidate: CVE-2003-0246
References:
 REDHAT:RHSA-2003:172
 URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
 REDHAT:RHSA-2003:147
 URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
 ENGARDE:ESA-20030515-017
 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
 DEBIAN:DSA-311
 URL:http://www.debian.org/security/2003/dsa-311
 DEBIAN:DSA-312
 URL:http://www.debian.org/security/2003/dsa-312
 DEBIAN:DSA-332
 URL:http://www.debian.org/security/2003/dsa-332
 DEBIAN:DSA-336
 URL:http://www.debian.org/security/2003/dsa-336
 DEBIAN:DSA-442
 URL:http://www.debian.org/security/2004/dsa-442
 MANDRAKE:MDKSA-2003:066
 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
 MANDRAKE:MDKSA-2003:074
 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
 TURBO:TLSA-2003-41
 URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
 VULNWATCH:20030520 Linux 2.4 kernel ioperm vuln
 URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
 OVAL:OVAL278
 URL:http://oval.mitre.org/oval/definitions/data/oval278.html
Description:
 The ioperm system call in Linux kernel 2.4.20 and earlier does not properly
 restrict privileges, which allows local users to gain read or write access to
 certain I/O ports.
Notes:
 It looks like the patch originally included in woody was just a one line
 change; whereas there were two larger patches that went upstream. I'm moving
 our trees forward to the upstream one.
 .
 Patch is x86 only.
Bugs:
upstream: released (2.4.21-rc4)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: pending (2.4.18-14.5)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: released (011226.14.1)
2.4.18-woody-security-hppa: N/A