Veracode Vulnerability DatabaseVERACODE:23047Arbitrary Code Execution
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
kernel is vulnerable to arbitrary code execution. The vulnerability exists as a flaw in the Omnikey CardMan 4040 driver that allowed a local user to execute arbitrary code with kernel privileges. In order to exploit this issue, the Omnikey CardMan 4040 PCMCIA card must be present and the local user must have access rights to the character device created by the driver.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kernel | eq | 2.6.18__8.el5 | |
| kernel | eq | 2.6.18__8.el5 |
References
fedoranews.org/cms/node/2787
fedoranews.org/cms/node/2788
kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc3
secunia.com/advisories/24436
secunia.com/advisories/24518
secunia.com/advisories/24777
secunia.com/advisories/24901
secunia.com/advisories/25078
secunia.com/advisories/25691
secunia.com/advisories/26133
secunia.com/advisories/26139
www.debian.org/security/2007/dsa-1286
www.mandriva.com/security/advisories?name=MDKSA-2007:078
www.osvdb.org/33023
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2007-0099.html
www.securityfocus.com/archive/1/462300/100/0/threaded
www.securityfocus.com/archive/1/471457
www.securityfocus.com/bid/22870
www.ubuntu.com/usn/usn-486-1
www.ubuntu.com/usn/usn-489-1
www.vupen.com/english/advisories/2007/0872
access.redhat.com/errata/RHSA-2007:0099
exchange.xforce.ibmcloud.com/vulnerabilities/32880
issues.rpath.com/browse/RPL-1035
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11238
Related
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C