[kernel-sec-discuss] r1093 - active retired

dannf at alioth.debian.org dannf at alioth.debian.org
Fri Jan 18 00:04:48 UTC 2008


Author: dannf
Date: 2008-01-18 00:04:36 +0000 (Fri, 18 Jan 2008)
New Revision: 1093

Added:
   retired/CVE-2005-1264
Removed:
   active/CVE-2005-1264
Log:
retire CVE-2005-1264

Deleted: active/CVE-2005-1264
===================================================================
--- active/CVE-2005-1264	2008-01-18 00:03:14 UTC (rev 1092)
+++ active/CVE-2005-1264	2008-01-18 00:04:36 UTC (rev 1093)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-1264
-References: 
- MLIST:[linux-kernel] 20050517 [PATCH] Fix root hole in raw device
- URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=111630512512222
- VULNWATCH:20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
- URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
- VULNWATCH:20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
- URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
- FRSIRT:ADV-2005-0557
- URL:http://www.frsirt.com/english/advisories/2005/0557
-Description: 
- Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong
- function before passing an ioctl to the block device, which crosses security
- boundaries by making kernel address space accessible from user space, a
- similar vulnerability to CVE-2005-1589.
-Notes: 
- dannf> Code is very different in 2.4, don't know if its vulnerable
-Bugs: 
-upstream: released (2.6.11.10)
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16) [drivers-block-raw-ioctl.dpatch]
-2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.6.18-etch-security: N/A

Copied: retired/CVE-2005-1264 (from rev 1089, active/CVE-2005-1264)
===================================================================
--- retired/CVE-2005-1264	                        (rev 0)
+++ retired/CVE-2005-1264	2008-01-18 00:04:36 UTC (rev 1093)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-1264
+References: 
+ MLIST:[linux-kernel] 20050517 [PATCH] Fix root hole in raw device
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=111630512512222
+ VULNWATCH:20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
+ VULNWATCH:20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
+ FRSIRT:ADV-2005-0557
+ URL:http://www.frsirt.com/english/advisories/2005/0557
+Description: 
+ Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong
+ function before passing an ioctl to the block device, which crosses security
+ boundaries by making kernel address space accessible from user space, a
+ similar vulnerability to CVE-2005-1589.
+Notes: 
+Bugs: 
+upstream: released (2.6.11.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [drivers-block-raw-ioctl.dpatch]
+2.4.27-sarge-security: N/A "raw.c doesn't call ioctl_by_bdev() in 2.4"
+2.6.18-etch-security: N/A
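
Review bot: The `2.4.27-sarge-security` line in the retired copy reads `N/A "raw.c doesn't call ioctl_by_bdev() in 2.4"`, while the deleted active file had `ignored (2.4.27-10sarge3)` plus a Notes entry saying it was not known whether 2.4 is vulnerable. The commit therefore changes a status determination as well as moving the file, but the log message "retire CVE-2005-1264" records only the move. Suggest extending the log to mention the change from ignored to N/A, or committing it separately, so the revision where 2.4.27 was judged unaffected can be found later. The `Notes:` field is also left empty; if the earlier note is considered resolved by the new N/A reason, that is fine, but it is worth confirming the removal was intended.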



