[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-1264Date: (C)2005-05-17   (M)2023-12-22


Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-13651
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
ADV-2005-0557
FLSA:157459-3
RHSA-2005:420
http://marc.info/?l=linux-kernel&m=111630512512222
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
oval:org.mitre.oval:def:10264

CPE    27
cpe:/o:linux:linux_kernel:2.6.1:rc1
cpe:/o:linux:linux_kernel:2.6.6:rc1
cpe:/o:linux:linux_kernel:2.6.8
cpe:/o:linux:linux_kernel:2.6.0:test1
...

© SecPod Technologies