CVE-2005-1589

high

Description

The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.

References

http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html

http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html

http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10

http://marc.info/?l=linux-kernel&m=111630531515901&w=2

http://secunia.com/advisories/17826

http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

http://www.securityfocus.com/bid/13651

http://www.vupen.com/english/advisories/2005/0557

Details

Source: MITRE

Published: 2005-05-17

Updated: 2017-02-19

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:rc4:*:*:*:*:*:* versions up to 2.6.12 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
20522 | Ubuntu 4.10 / 5.04 : linux-source-2.6.8.1, linux-source-2.6.10 vulnerabilities (USN-131-1) | Nessus | Ubuntu Local Security Checks | high
20450 | Mandrake Linux Security Advisory : kernel (MDKSA-2005:219) | Nessus | Mandriva Local Security Checks | high