The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
CPE

Name | Operator | Version
---|---|---
ubuntu_linux | eq | 5.04
ubuntu_linux | eq | 5.10
ubuntu_linux | eq | 6.06
debian_linux | eq | 3.1
linux_kernel | ge | 2.2.16
linux_kernel | le | 2.16.16