
Bug 92934

Summary: Linux Kernel ioctl Handlers Privilege Escalation Vulnerabilities (<= 2.6.11.9)
Product: Gentoo Security
Reporter: Adir Abraham <adirab>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.frsirt.com/english/advisories/2005/0557
Whiteboard:
Package list:
Runtime testing required: ---

Description Adir Abraham 2005-05-17 08:54:25 UTC
According to FrSIRT:

* Technical Description *

Multiple vulnerabilities were identified in Linux Kernel, which may be 
exploited by local attackers to obtain elevated privileges or cause a denial of 
service. These flaws are due to input validation errors in the raw device and 
pktcdvd block device ioctl handlers when processing specially crafted arguments 
passed to the "raw_ioctl()", "pkt_ioctl()" and "ioctl_by_bdev()" functions, 
which may be exploited by malicious users to execute arbitrary commands with 
kernel privileges.

* Affected Products *

Linux Kernel version 2.6.11.9 and prior

* Solution *

Upgrade to Linux Kernel version 2.6.11.10:
http://www.kernel.org/



Reproducible: Always
Steps to Reproduce:

Comment 1 Tim Yamin (RETIRED) gentoo-dev 2005-05-17 15:13:01 UTC

*** This bug has been marked as a duplicate of 92864 ***