CVE-2005-1589

Linux Kernel < 2.6.12 - Denial of Service and Arbitrary Code Execution via pkt_ioctl Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1589. PoCs published by alert7.

AI-analyzed exploit summary This PoC exploits a vulnerability in the pktcdvd driver in Linux kernels up to 2.6.12-rc4 by writing arbitrary data to the IDT (Interrupt Descriptor Table), causing a system crash. It demonstrates a denial-of-service (DoS) condition but does not include a root shell or further exploitation.

Description

The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.

Exploits (1)

exploitdb WORKING POC VERIFIED

by alert7 · cdoslinux

https://www.exploit-db.com/exploits/998

View Code ZIP pw:eip

This PoC exploits a vulnerability in the pktcdvd driver in Linux kernels up to 2.6.12-rc4 by writing arbitrary data to the IDT (Interrupt Descriptor Table), causing a system crash. It demonstrates a denial-of-service (DoS) condition but does not include a root shell or further exploitation.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (pktcdvd driver) up to 2.6.12-rc4

No auth needed

Prerequisites: User must have read access to the pktcdvd block device (e.g., /dev/hdc)

MITRE ATT&CK