Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1264

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-1264
Last Modified 07 Mar 2011 09:21:32
Published 17 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-1264

Summary

Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6 Test9 Cvs

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5

  • Linux Kernel 2.6.6

  • Linux Kernel 2.6.7

  • Linux Kernel 2.6.8

  • Linux Kernel 2.6.9


References

MLIST - [linux-kernel] 20050517 [PATCH] Fix root hole in raw device

VULNWATCH - 20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability

VUPEN - ADV-2005-0557

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10

VULNWATCH - 20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability

BID - 13651

FEDORA - FLSA:157459-3

REDHAT - RHSA-2005:420


Last Updated: 27 May 2016 10:40:06