CVE-2007-5093 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-5093
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5093

Description: The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-574-1 http://www.ubuntu.com/usn/usn-558-1 http://www.ubuntu.com/usn/usn-578-1 SAID Secunia Advisory: SA26994 Secunia Advisory: SA28706 Secunia Advisory: SA28170 Secunia Advisory: SA28971 Secunia Advisory: SA29058 Secunia Advisory: SA30294 Secunia Advisory: SA32799 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0275.html http://rhn.redhat.com/errata/RHSA-2008-0972.html MLIST http://marc.info/?l=linux-kernel&m=118880154122548&w=2 http://marc.info/?l=linux-kernel&m=118873457814808&w=2 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:105 http://www.mandriva.com/security/advisories?name=MDVSA-2008:008 DEBIAN http://www.debian.org/security/2008/dsa-1504 http://www.debian.org/security/2007/dsa-1381 http://www.debian.org/security/2008/dsa-1503 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.6 BID 25504

Return to the previous page.