CVE-2005-1589
published 2005-05-17
CVE-2005-1589: The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an…
Priority: P429 · high · 7.2 (CVSS 2.0)
AV:L / AC:L / Au:N / C:C / I:C / A:C
EXPLOIT
EPSS: 1.18% (63.9th percentile)
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.12 | — |
CVSS provenance
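| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 7.2 | HIGH | — |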
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2005-05-23
CVE-2005-1368 Linux kernel vulnerabilities
Colin Percival discovered an information disclosure in the "Hyper
Threading Technology" architecture in processors which are capable of
simultaneous multithreading (in particular Intel Pentium 4, Intel
Mobile Pentium 4, and Intel Xeon processors). This allows a malicious
thread to monitor the execution of another thread on the same CPU.
This could be exploited to steal cryptographic keys, passwords, or
other arbitrary data from unrelated processes. Since it is not
possible to provide a safe patch in a short time, HyperThreading has
been disabled in the updated kernel packages for now. You can manually
enable HyperThreading again by passing the kernel parameter "ht=on" at
boot. (CAN-2005-0109)
A Denial of Service v
Red Hat
security flaw
vendor_redhat·2005-05-17·CVSS 7.2
CVE-2005-1264 [HIGH] security flaw
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
GHSA
GHSA-vrh3-vx52-7gxc: Raw character devices (raw
ghsa_unreviewed·2022-05-01·CVSS 7.2
CVE-2005-1264 [HIGH] GHSA-vrh3-vx52-7gxc: Raw character devices (raw
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
GHSA
GHSA-rgfg-567g-5mrr: The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd
ghsa_unreviewed·2022-05-01·CVSS 7.2
CVE-2005-1589 [HIGH] GHSA-rgfg-567g-5mrr: The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
No detection rules found.
Exploit-DB
OpenVMPSd 1.3 - Remote Format String
exploitdb·2006-02-10
CVE-2005-4714 OpenVMPSd 1.3 - Remote Format String
---
/*
* gexp-openvmpsd.c
*
* OpenVMPSd v1.3 Remote Format String Exploit
* Copyright (C) 2005 Gotfault Security
*
* Bug found and developed by: barros and xgc
*
* Original Reference:
* http://gotfault.net/research/exploit/gexp-openvmpsd.c
*
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/*==[ Prototypes ]==*/
void Usage(char *);
void fatal(char *);
int CreateEvilBuffer(int, int, int, int, char *);
void ExecuteShell(int);
void SendBuffer(int , char *, int);
int CreateUdpSocket(void);
int ConectToHost(char *, int);
/*==[ Defines ]==*/
#define DEFAULT_PORT 1589 // Default server port
#define BIND_PORT 31337 // Default port to bind
#define NOPSIZE 50 // Do not change this value cause the shellcode
Exploit-DB
Linux Kernel 2.6.12-rc4 - 'ioctl_by_bdev' Local Denial of Service
exploitdb·2005-05-17
CVE-2005-1589 Linux Kernel 2.6.12-rc4 - 'ioctl_by_bdev' Local Denial of Service
---
/* pktcdvd_dos.c proof-of-concept
* This is only a lame POC which will crash the machine, no root shell here.
* --- alert7
* 2005-5-15
* the vulnerability in 2.6 up to and including 2.6.12-rc4
*
* gcc -o pktcdvd_dos pktcdvd_dos.c
*
* NOTE: require user can read pktcdvd block device
* THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY* IT IS PROVIDED "AS IS"
* AND WITHOUT ANY WARRANTY. COPYING, PRINTING, DISTRIBUTION, MODIFICATION
* WITHOUT PERMISSION OF THE AUTHOR IS STRICTLY PROHIBITED.
*/
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#incl
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
http://marc.info/?l=linux-kernel&m=111630531515901&w=2
http://secunia.com/advisories/17826
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
http://www.securityfocus.com/bid/13651
http://www.vupen.com/english/advisories/2005/0557
Published: 2005-05-17