#VU94810 Improper input validation in Linux kernel - CVE-2005-1264
Published: May 17, 2005 / Updated: October 19, 2018
Vulnerability identifier: #VU94810
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2005-1264
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
Remediation
Install update from vendor's repository.
External links
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
- http://marc.info/?l=linux-kernel&m=111630512512222
- http://www.redhat.com/support/errata/RHSA-2005-420.html
- http://www.securityfocus.com/archive/1/427980/100/0/threaded
- http://www.securityfocus.com/bid/13651
- http://www.vupen.com/english/advisories/2005/0557
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10264