Improper access control in Linux kernel - CVE-2005-1589
Published: May 17, 2005 / Updated: August 9, 2024
Vulnerability identifier: #VU95635
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2005-1589
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code.
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
How to mitigate CVE-2005-1589
Install update from vendor's repository.
Sources
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
- http://marc.info/?l=linux-kernel&m=111630531515901&w=2
- http://secunia.com/advisories/17826
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
- http://www.securityfocus.com/bid/13651
- http://www.vupen.com/english/advisories/2005/0557