SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  OS (Linux)  >  Linux Kernel Vendors:  kernel.org
Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data
SecurityTracker Alert ID:  1009096
SecurityTracker URL:  http://securitytracker.com/id?1009096
CVE Reference:  CAN-2004-0075   (Links to External Site)
Date:  Feb 18 2004
Impact:  Disclosure of user information, Modification of user information
Vendor Confirmed:  Yes  
Version(s): 2.4 prior to 2.4.25
Description:  A vulnerability was reported in the Linux kernel in the Vicam USB driver. A local process may be able to cross security boundaries.

It is reported that the Vicam USB driver in Linux kernel versions prior to 2.4.25 does not use the copy_from_user() function to access userspace, which violates security boundaries.

No further details were provided.
Impact:  A local process may be able to cause the driver to access userspace data for a different process.
Solution:  A fixed version (2.4.25) is planned, to be available at:

http://www.kernel.org/
Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:  Access control error
Underlying OS:  Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Xandros)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 18 2004 (Red Hat Issues Fix for RH Linux) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Linux 9.
Feb 18 2004 (SuSE Issues Fix) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (thomas@suse.de (Thomas Biege))
SuSE has released a fix.
Feb 25 2004 (Mandrake Issues Fix) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Feb 26 2004 (Mandrake Issues Fix for x86_64) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for Corporate Server 2.1/x86_64.
Dec 30 2004 (Conectiva Issues Fix) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.


 Source Message Contents
Date:  Wed, 18 Feb 2004 08:07:34 -0500
Subject:  CAN-2004-0075

 

CVE: CAN-2004-0075

It is reported that the Vicam USB driver in Linux kernel versions prior to 2.4.25 does not 
use the copy_from_user() function to access userspace, which violates security boundaries.

Red Hat provided this information.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC