[kernel] r5000 - patch-tracking

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Dec 11 16:53:48 UTC 2005


Author: jmm-guest
Date: Sun Dec 11 16:53:47 2005
New Revision: 5000

Added:
   patch-tracking/CVE-2005-1589
Log:
pkt_ioctl local root vulnerability


Added: patch-tracking/CVE-2005-1589
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2005-1589	Sun Dec 11 16:53:47 2005
@@ -0,0 +1,35 @@
+Candidate: CVE-2005-1589
+References: 
+ http://marc.theaimsgroup.com/?l=linux-kernel&m=111630531515901&w=2
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://www.frsirt.com/english/advisories/2005/0557
+Description:
+ The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c)
+ in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before
+ passing an ioctl to the block device, which crosses security boundaries by
+ making kernel address space accessible from user space and allows local users
+ to cause a denial of service and possibly execute arbitrary code, a similar
+ vulnerability to CVE-2005-1264.
+Notes: 
+ horms> (discussing this and a similar problem):
+ horms> 2.6.8 is only vulnerable to the raw ioctl problem,
+ horms> which I believe is CAN-2005-1264.
+ horms> (unstable/testing-proposed-updates) and sarge-security
+ horms> (testing-security) branches and it should appear in 2.6.8-16 and
+ horms> 2.6.8-15sarge1 respectively.
+ horms> 2.4.27 does not appear to be vulnerable to either of these problems.
+Bugs: 309429
+upstream: released (2.6.11.10), released (2.6.12-rc5)
+2.6.14: N/A
+2.6.8-sarge-security: pending (2.6.8-15sarge1)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
\ No newline at end of file
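Review bot: The status line "2.6.8-sarge-security: pending (2.6.8-15sarge1)" does not match the Notes in the same file, where horms says 2.6.8 is only vulnerable to the raw ioctl problem, which he believes is CAN-2005-1264. If that holds, the 2.6.8 entry for CVE-2005-1589 should read N/A and the pending fix belongs in the CAN-2005-1264 record. Otherwise the note should say which of the two fixes 2.6.8-15sarge1 carries. The quoted note also appears to have lost a line: "horms> (unstable/testing-proposed-updates) and sarge-security" starts mid-sentence, so the file does not say what "it" refers to in "it should appear in 2.6.8-16". The six woody entries are left empty, and the file has no trailing newline. Filling in each woody status once it has been checked would keep the record unambiguous.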


