Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1589

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-1589
Last Modified 07 Mar 2011 09:22:13
Published 17 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-1589

Summary

The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.12


References

MLIST - [linux-kernel] 20050517 [PATCH] Fix root hole in pktcdvd

VULNWATCH - 20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability

VUPEN - ADV-2005-0557

MANDRAKE - MDKSA-2005:219

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10

VULNWATCH - 20050517 Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected]

VULNWATCH - 20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability

BID - 13651

SECUNIA - 17826


Last Updated: 27 May 2016 10:40:13