Bug 306591 - (CVE-2007-5093) CVE-2007-5093 kernel PWC driver DoS
CVE-2007-5093 kernel PWC driver DoS
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
public=20070821,reported=20070925,imp...
: Security
Depends On: 308471 308481 308491 308501 308511 308521 308531
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-26 05:37 EDT by Mark J. Cox (Product Security)
Modified: 2009-06-16 02:45 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-16 02:45:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2007-09-26 05:37:20 EDT
Linux Kernel USB PWC Driver Local Denial Of Service Vulnerability
        reported as fixed after 2.7.22.6

        If a 'pwc' device is disconnected, and a userspace application
        has the device opened, the USB subsystem will be blocked until
        it's closed. This allows attackers to block the entire USB
        subsystem from further use.

http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=85237f202d46d55c1bffe0c5b1aa3ddc0f1dce4d
Comment 1 Mark J. Cox (Product Security) 2007-09-26 05:40:38 EDT
This is a low/none severity issue; in order to exploit this:

1. a local attacker needs to have the ability to open a connection to the webcam
(which is not the default, only the console user or root would have permissions
to open the connection to the usb port)
2. the attacker needs to convince someone to unplug the webcam

So this attack is only really feasible if the attacker is physically present at
the console (in which case there are much easier ways to DoS the machine).
Comment 3 Red Hat Product Security 2009-06-16 02:45:59 EDT
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0275.html
  http://rhn.redhat.com/errata/RHSA-2008-0972.html

Note You need to log in before you can comment on or make changes to this bug.