CVE-2005-1589

Linux Kernel < 2.6.12 - Denial of Service

Title source: rule

Description

The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.

Exploits (1)

exploitdb WORKING POC VERIFIED

by alert7 · cdoslinux

https://www.exploit-db.com/exploits/998

View Code ZIP pw:eip

References (9)

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html

[Various Sources] http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13651

[Third Party Advisory] http://secunia.com/advisories/17826

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/0557

[Mailing List] http://marc.info/?l=linux-kernel&m=111630531515901&w=2

Scores

EPSS 0.0027

EPSS Percentile 50.2%

Classification

Status draft

Affected Products (1)

linux/linux_kernel < 2.6.12

Timeline

Published May 17, 2005

Tracked Since Feb 18, 2026