SB2005051702 - Improper access control in Linux kernel
Published: May 17, 2005 Updated: August 9, 2024
Security Bulletin ID
SB2005051702
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2005-1589)
The vulnerability allows a local user to execute arbitrary code.
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
Remediation
Install update from vendor's website.
References
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
- http://marc.info/?l=linux-kernel&m=111630531515901&w=2
- http://secunia.com/advisories/17826
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
- http://www.securityfocus.com/bid/13651
- http://www.vupen.com/english/advisories/2005/0557