Main Vulnerability Database SB2005050218

SB2005050218 - Incorrect default permissions in Linux kernel

Published: May 2, 2005

Security Bulletin ID SB2005050218

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect default permissions (CVE-ID: CVE-2005-1369)

The vulnerability allows a local user to perform service disruption.

The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs 'alarms' file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function.

Remediation

Install update from vendor's website.

References

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8
http://lkml.org/lkml/2005/4/20/159
http://www.securityfocus.com/archive/1/427980/100/0/threaded