Bug#309429: kernel-source-2.6.8: Local privilege escalation in pktcdvd und raw ioctl handling
tag 309429 +pending
thanks
On Tue, May 17, 2005 at 09:06:16AM +0200, Moritz Muehlenhoff wrote:
> Package: kernel-source-2.6.8
> Severity: grave
> Justification: user security hole
>
>
> Two new local privilege escalations have been found in the 2.6 kernels;
> input to the pktcdvd and raw ioctls is passed unchecked. Both issues
> have been fixed in 2.6.11.10. 2.4 does not seem to be affected.
> At least one of the issues is CAN-2005-1264.
2.6.11 is vulnerable to both of these problems.
2.6.11.10 has been applied in SVN and should appear in 2.6.11-5.
2.6.8 is only vulnerable to the raw ioctl problem,
which I believe is CAN-2005-1264. I have added the patch
from 2.6.11.10 in SVN to both the trunk
(unstable/testing-proposed-updates) and sarge-security
(testing-security) branches and it should appear in 2.6.8-16 and
2.6.8-15sarge1 respectively.
2.4.27 does not appear to be vulnerable to either of these problems.
--
Horms
Reply to: