Bug#309429: kernel-source-2.6.8: Local privilege escalation in pktcdvd und raw ioctl handling
Package: kernel-source-2.6.8
Severity: grave
Justification: user security hole
Two new local privilege escalations have been found in the 2.6 kernels;
input to the pktcdvd and raw ioctls is passed unchecked. Both issues
have been fixed in 2.6.11.10. 2.4 does not seem to be affected.
At least one of the issues is CAN-2005-1264.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Reply to: