SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data
SecurityTracker Alert ID:  1009096
SecurityTracker URL:  http://securitytracker.com/id/1009096
CVE Reference:   CAN-2004-0075   (Links to External Site)
Date:  Feb 18 2004
Impact:   Disclosure of user information, Modification of user information
Vendor Confirmed:  Yes  
Version(s): 2.4 prior to 2.4.25
Description:   A vulnerability was reported in the Linux kernel in the Vicam USB driver. A local process may be able to cross security boundaries.

It is reported that the Vicam USB driver in Linux kernel versions prior to 2.4.25 does not use the copy_from_user() function to access userspace, which violates security boundaries.

No further details were provided.
Impact:   A local process may be able to cause the driver to access userspace data for a different process.
Solution:   A fixed version (2.4.25) is planned, to be available at:

http://www.kernel.org/
Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Access control error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 18 2004 (Red Hat Issues Fix for RH Linux) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Linux 9.
Feb 18 2004 (SuSE Issues Fix) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (thomas@suse.de (Thomas Biege))
SuSE has released a fix.
Feb 25 2004 (Mandrake Issues Fix) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Feb 26 2004 (Mandrake Issues Fix for x86_64) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for Corporate Server 2.1/x86_64.
Dec 30 2004 (Conectiva Issues Fix) Linux Kernel Vicam USB Driver May Cross Security Boundaries and Access Userspace Data   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.


 Source Message Contents
Date:  Wed, 18 Feb 2004 08:07:34 -0500
Subject:  CAN-2004-0075


CVE: CAN-2004-0075

It is reported that the Vicam USB driver in Linux kernel versions prior to 2.4.25 does not 
use the copy_from_user() function to access userspace, which violates security boundaries.

Red Hat provided this information.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC