Bug#301372: kernel-source-2.6.8: [CAN-2005-0839] Insecure restriction of access to the N_MOUSE line disciple for TTYs

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#301372: kernel-source-2.6.8: [CAN-2005-0839] Insecure restriction of access to the N_MOUSE line disciple for TTYs
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 25 Mar 2005 13:37:14 +0100
Message-id: <[🔎] E1DEo3u-0001sl-HX@localhost.localdomain>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 301372@bugs.debian.org

Package: kernel-source-2.6.8
Version: 2.6.8-15
Severity: grave
Tags: security

Kernels before 2.6.11 do not properly restrict access to the N_MOUSE line
disciple for TTYs, which allows local users to inject mouse or keyboard
events into other's users sessions and possibly gain extended privileges.

A fix is referenced at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0839 (I currently
don't have a mouse and typing Bitkeeper web URLs is too weird :-))

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities

Reply to:

Follow-Ups:
- Bug#301372: kernel-source-2.6.8: [CAN-2005-0839] Insecure restriction of access to the N_MOUSE line disciple for TTYs
  - From: Horms <horms@debian.org>

Prev by Date: Bug#301188: [workaround]: initrd-tools: tries to install module qla6322 which is missing in kernel 2.6.11.x
Next by Date: Re: 2.4.27-9
Previous by thread: Re: kernel security upgrades
Next by thread: Bug#301372: kernel-source-2.6.8: [CAN-2005-0839] Insecure restriction of access to the N_MOUSE line disciple for TTYs
Index(es):
- Date
- Thread