SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux Kernel coda_pioctl Buffer Overflow Lets Local Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013018
SecurityTracker URL:  http://securitytracker.com/id/1013018
CVE Reference:   CVE-2005-0124   (Links to External Site)
Date:  Jan 28 2005
Impact:   Denial of service via local system, Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.6.9, 2.4.x before 2.4.29
Description:   In December 2004, a vulnerability was reported in the Linux kernel in the coda_pioctl function. A local user may be able to execute arbitrary code with elevated privileges.

Bryan Fulton reported that a source code checker by Coverity detected a flaw in the coda functionality in 'pioctl.c'. A local user can supply negative vi.in_size or vi.out_size values to the coda_pioctl() function to trigger a buffer overflow and execute arbitrary code.

Impact:   A local user may be able to execute arbitrary code with elevated privileges.
Solution:   Fixes are available at:

http://linux.bkbits.net:8080/linux-2.6/cset@41e40c4cXMJpzlmvtt48jmdmdi7_Gw
http://linux.bkbits.net:8080/linux-2.4/cset@41e2bcc80m08xKvcOTyeN4AAerqKdA

Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC