blob: b37b4906ff306b96e4d944dd8b88e7f06c75b752
Candidate: CVE-2005-1264
References:
MLIST:[linux-kernel] 20050517 [PATCH] Fix root hole in raw device
URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=111630512512222
VULNWATCH:20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
VULNWATCH:20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
FRSIRT:ADV-2005-0557
URL:http://www.frsirt.com/english/advisories/2005/0557
Description:
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong
function before passing an ioctl to the block device, which crosses security
boundaries by making kernel address space accessible from user space, a
similar vulnerability to CVE-2005-1589.
Notes:
Bugs:
upstream: released (2.6.11.10)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16) [drivers-block-raw-ioctl.dpatch]
2.4.27-sarge-security: N/A "raw.c doesn't call ioctl_by_bdev() in 2.4"
2.6.18-etch-security: N/A