Candidate: CVE-2005-1589
References: 
 http://marc.theaimsgroup.com/?l=linux-kernel&m=111630531515901&w=2
 http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
 http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
 http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
 http://www.frsirt.com/english/advisories/2005/0557
Description: 
 The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c)
 in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before
 passing an ioctl to the block device, which crosses security boundaries by
 making kernel address space accessible from user space and allows local users
 to cause a denial of service and possibly execute arbitrary code, a similar
 vulnerability to CVE-2005-1264.
Notes: 
 horms> (discussing this and a similar problem):
 horms> 2.6.8 is only vulnerable to the raw ioctl problem,
 horms> which I believe is CAN-2005-1264.
 horms> (unstable/testing-proposed-updates) and sarge-security
 horms> (testing-security) branches and it should appear in 2.6.8-16 and
 horms> 2.6.8-15sarge1 respectively.
 horms> 2.4.27 does not appear to be vulnerable to either of these problems.
Bugs: 309429
upstream: released (2.6.11.10), released (2.6.12-rc5)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16)
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
2.4.18-woody-security-hppa: N/A