Bug 74519 (CVE-2005-0750) - VUL-0: CVE-2005-0750: kernel: local root exploit in AF_BLUETOOTH
Summary: VUL-0: CVE-2005-0750: kernel: local root exploit in AF_BLUETOOTH
Status: RESOLVED FIXED
Alias: CVE-2005-0750
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All All
: P5 - None : Critical
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: CVE-2005-0750: CVSS v2 Base Score: 7....
Reported: 2005-03-25 10:20 UTC by Marcus Meissner
Modified: 2017-03-24 07:23 UTC

Found By: Other
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
rs-2.6.tgz (3.71 KB, application/octet-stream)
2005-03-29 08:21 UTC, Marcus Meissner
rs.tar.gz (2.63 KB, application/octet-stream)
2005-03-29 08:21 UTC, Marcus Meissner
bluetooth.patch (1.16 KB, patch)
2005-03-29 08:35 UTC, Marcus Meissner
bluetooth-24.patch (787 bytes, patch)
2005-03-29 08:36 UTC, Marcus Meissner

Description Marcus Meissner 2005-03-25 10:20:52 UTC
There is a local root exploit in AF_BLUETOOTH caused by a missing <0 check in net/bluetooth/af_bluetooth.c::bt_sock_create().

(everyone can do socket(AF_BLUETOOTH,-xxxx,0); is the problem I think.)
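An added example, not code from this bug report, the attached patches or the kernel: a userspace model of the check class the description names, assuming the existing test was an upper-bound comparison on a signed index. All names, the table and its size are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX_PROTO 8            /* assumed table size for this model */

typedef int (*create_fn)(void);
static int create_stub(void) { return 0; }

/* Constructed handler table: only slots 0 and 1 are registered. */
static create_fn model_table[MODEL_MAX_PROTO] = { create_stub, create_stub };

/* "Before": only the upper bound is tested, so a negative int is accepted. */
int accepts_upper_only(int proto) { return !(proto >= MODEL_MAX_PROTO); }

/* "After": both bounds are tested before the table is touched. */
int accepts_both_bounds(int proto) { return !(proto < 0 || proto >= MODEL_MAX_PROTO); }

/* Hardened lookup: validate first, then index the table. */
int model_sock_create(int proto)
{
    if (!accepts_both_bounds(proto))
        return -EINVAL;              /* negative or too large */
    if (model_table[proto] == NULL)
        return -EPROTONOSUPPORT;     /* in range, nothing registered */
    return model_table[proto]();
}

/* Count boundary probes the weak check accepts but the fixed one rejects;
 * each such value would index outside model_table. */
int count_unsafe_accepts(void)
{
    static const int probes[] = { INT_MIN, -4096, -1, 0, 1,
                                  MODEL_MAX_PROTO - 1, MODEL_MAX_PROTO, INT_MAX };
    int n = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        if (accepts_upper_only(probes[i]) && !accepts_both_bounds(probes[i]))
            n++;
    return n;
}

int main(void)
{
    printf("values only the weak check accepts: %d\n", count_unsafe_accepts());
    printf("model_sock_create(-1) = %d\n", model_sock_create(-1));
    return 0;
}
```

The weak predicate never indexes the table here, so the model runs without undefined behaviour while still showing which inputs slip past a one-sided check.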
Comment 1 Marcus Meissner 2005-03-25 10:26:15 UTC
CAN-2005-0750 
Comment 2 Marcus Meissner 2005-03-25 10:30:10 UTC
reported by ilja <ilja@suresec.org>
Comment 3 Marcus Meissner 2005-03-29 08:21:06 UTC
Created attachment 32818
rs-2.6.tgz
Comment 4 Marcus Meissner 2005-03-29 08:21:29 UTC
Created attachment 32819
rs.tar.gz
Comment 5 Marcus Meissner 2005-03-29 08:35:57 UTC
Created attachment 32820
bluetooth.patch

2.6 patch from Marcel
Comment 6 Marcus Meissner 2005-03-29 08:36:19 UTC
Created attachment 32821
bluetooth-24.patch

2.4 patch (by me)
Comment 7 Marcus Meissner 2005-03-29 08:48:41 UTC
swampid: 714 
Comment 8 Hubert Mantel 2005-03-29 09:41:19 UTC
Fix has been committed to all trees and kernels have been submitted for checkin
into autobuild.
Comment 9 Marcus Meissner 2005-04-05 13:35:06 UTC
Urgent kernel updates + advisory have been released.

Patch is in all other branches for next update rounds too.

-> fixed
Comment 10 Thomas Biege 2009-10-13 21:13:45 UTC
CVE-2005-0750: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)