blob: da505ae320d04ff8346967c234d92049e621ec5c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
Candidate: CVE-2005-1589
References:
http://marc.theaimsgroup.com/?l=linux-kernel&m=111630531515901&w=2
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
http://www.frsirt.com/english/advisories/2005/0557
Description:
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c)
in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before
passing an ioctl to the block device, which crosses security boundaries by
making kernel address space accessible from user space and allows local users
to cause a denial of service and possibly execute arbitrary code, a similar
vulnerability to CVE-2005-1264.
Notes:
horms> (discussing this and a similar problem):
horms> 2.6.8 is only vulnerable to the raw ioctl problem,
horms> which I believe is CAN-2005-1264.
horms> (unstable/testing-proposed-updates) and sarge-security
horms> (testing-security) branches and it should appear in 2.6.8-16 and
horms> 2.6.8-15sarge1 respectively.
horms> 2.4.27 does not appear to be vulnerable to either of these problems.
Bugs: 309429
upstream: released (2.6.11.10), released (2.6.12-rc5)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16)
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
2.4.18-woody-security-hppa: N/A
|
