Bugzilla – Bug 84043
VUL-0: CVE-2005-1589: kernel pktcdvd and rawdevice ioctl privilege escalation
Last modified: 2019-05-21 05:35:21 UTC
We received the following report via vendor-sec. The issue is public. According to Marcus' comment on vendor-sec the first issue should be fixed in our kernels already. Don't know about the second. Not accessible for users per default => severity low.

Adding Greg to CC as he participated in the discussion on vendor-sec. Maybe he can supply a patch as well :-)

Date: Tue, 17 May 2005 15:06:23 +0100 (BST)
From: Mark J Cox <mjc@redhat.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] pktcdvd gets CAN-2005-1589

http://marc.theaimsgroup.com/?l=vulnwatch&m=111630161707917&w=2

Came out *after* these flaws were disclosed on lkml however ;)

CAN-2005-1264 for the raw device hole
CAN-2005-1589 for the similar flaw in pktcdvd

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team
_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
Would be good to get the fix still into SP2 ;)
Patch can be found at http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.11.y.git;a=commit;h=6d608f690e9f0d51b07400c9fdfaaa1e3302ba69 Will go add it to SP2 tree...
Heh, the pktcdvd driver is not in SLES9, so it's not vulnerable :)
Yes, but SL 9.3 is vulnerable, right?
Yes, and the SL93 kernel branch is already updated with the fix :)
So everything should be fine here
k
CVE-2005-1589: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)