Bug 84043 (CVE-2005-1589)

Summary: VUL-0: CVE-2005-1589: kernel pktcdvd and rawdevice ioctl privilege escalation
Product: [Novell Products] SUSE Security Incidents Reporter: Ludwig Nussel <lnussel>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: meissner, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-1589: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ludwig Nussel 2005-05-17 14:37:56 UTC 
We received the following report via vendor-sec.
The issue is public.
According to Marcus comment on vendor-sec the first issue should be fixed in our kernels already. Don't know about the second. Not accessible for users per default => severity low.

Adding Greg to CC as he participated in the discusson on vendor-sec. Maybe he can supply a patch as well :-)

Date: Tue, 17 May 2005 15:06:23 +0100 (BST)
From: Mark J Cox <mjc@redhat.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] pktcdvd gets CAN-2005-1589

http://marc.theaimsgroup.com/?l=vulnwatch&m=111630161707917&w=2

Came out *after* these flaws were disclosed on lkml however ;)

CAN-2005-1264 for the raw device hole
CAN-2005-1589 for the similar flaw in pktcdvd

Thanks, Mark
-- 
Mark J Cox / Red Hat Security Response Team


_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
Comment 1 Hubert Mantel 2005-05-17 14:46:22 UTC 
Would be good to get the fix still into SP2 ;)
Comment 2 Greg Kroah-Hartman 2005-05-19 05:41:21 UTC 
Patch can be found at
http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.11.y.git;a=commit;h=6d608f690e9f0d51b07400c9fdfaaa1e3302ba69

Will go add it to SP2 tree...
Comment 3 Greg Kroah-Hartman 2005-05-19 05:46:28 UTC 
Heh, the pktcdvd driver is not in SLES9, so it's not vunerable :)
Comment 4 Hubert Mantel 2005-05-19 13:07:27 UTC 
Yes, but SL 9.3 is vulnerable, right?
Comment 5 Greg Kroah-Hartman 2005-05-19 15:13:37 UTC 
Yes, and the SL93 kernel branch is already updated with the fix :)
Comment 6 Hubert Mantel 2005-06-02 11:39:22 UTC 
So everything should be fine here
Comment 7 Ludwig Nussel 2005-06-09 12:46:56 UTC 
k
Comment 8 Thomas Biege 2009-10-13 21:23:48 UTC 
CVE-2005-1589: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)