Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:8166
HistoryMar 28, 2005 - 12:00 a.m.

local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5

2005-03-2800:00:00
vulners.com
47
JSON

Suresec security advisory 1
Release date: 27th March 2005
CVE ID: CAN-2005-0750
Linux kernel local root vulnerability
About the linux kernel:
The linux kernel is a widely used kernel which is unix based.
Vulnerability summary:
The linux kernel has support for bluetooth. A local root security
vulnerability was found in this bluetooth stack.
Vulnerable code:
static int bluez_sock_create(struct socket *sock, int proto)
{
if (proto >= BLUEZ_MAX_PROTO)
return -EINVAL;

return bluez_proto[proto]->create(sock, proto);
}
This code can be reached by either calling socket() or alternativly
calling socketpair(). When passed a negative value for the protocol the
bounds check can be bypassed. Later the protocol number is used as an
index to a function pointer. It is possible to use proto as an index to
some kind of memory that is under a user's control.
Impact:
When properly exploited this yields local root. (exploitation is trivial)
Affected versions:
This vulnerability affects all 2.6.x(.y) <= 2.6.11.5 linux kernels and >=
2.4.6 <= 2.4.30-rc1kernels provided that there is support for bluetooth.
Suggested Recommendations:
Update your kernel to a newer one, or alternativly we've made a
loadable kernel modules which works around the problem by checking
the protocol and domain before the bluetooth socket code is called. It
can be found at:
http://www.suresec.org/tools/bluetooth_workaround.tar.gz
Credits:
Ilja van Sprundel found this vulnerability.
About us:
Suresec Ltd is a global service provider of Internet security solutions
and consultancy with unmatched quality from our world class
consultancy practice.
Our consultants have pioneered in the field of security research and
have closely worked with leading software companies and service
providers to mitigate risks and fix a number of critical vulnerabilities,
suresec also works closely with a number of open source companies
to provide them with a source code auditing and technical consultancy.
We have a strong team consultants spread across Europe, the United
States and Australia specializing in security consulting.

Related

nessus 12
suse 2
exploitdb 1
cve 1
cert 1
ubuntucve 1
redhat 4
centos 3
openvas 1
ubuntu 1
nessus
nessus
SUSE-SA:2005:021: kernel
2005-04-06 00:00:00
RHEL 2.1 : kernel (RHSA-2005:283)
2005-04-29 00:00:00
Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-103-1)
2006-01-15 00:00:00
suse
suse
local privilege escalation in kernel
2005-04-05 07:25:34
local privilege escalation in kernel
2005-06-09 11:10:38
exploitdb
exploitdb
Linux Kernel 2.4.x/2.6.x - Bluetooth Signed Buffer Index Vulnerability 4
2005-10-24 00:00:00
cve
cve
CVE-2005-0750
2005-03-27 05:00:00
cert
cert
Linux kernel Bluetooth support fails to properly bounds check "protocol" variable
2005-04-05 00:00:00
ubuntucve
ubuntucve
CVE-2005-0750
2005-03-27 00:00:00
redhat
redhat
(RHSA-2005:283) kernel security update
2005-04-28 00:00:00
(RHSA-2005:284) kernel security update
2005-04-28 00:00:00
(RHSA-2005:293) kernel security update
2005-04-22 00:00:00
centos
centos
kernel security update
2005-04-29 05:42:41
kernel security update
2005-04-22 21:54:37
kernel security update
2005-04-20 01:47:21
openvas
openvas
Ubuntu: Security Advisory (USN-103-1)
2022-08-26 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2005-04-01 00:00:00
JSON
Related for SECURITYVULNS:DOC:8166
nessus12suse2exploitdb1cve1cert1ubuntucve1redhat4centos3openvas1ubuntu1