CVE: CAN-2004-0075
Updated: Tue, 06 Jul 2004 14:13:30 +0900
Summary: The Vicam USB driver in Linux before 2.4.25 does not use the
         copy_from_user function when copying data from userspace to 
	 kernel space, which crosses security boundaries and allows 
	 local users to cause a denial of service. (text:CAN-2004-0075)
Priority: Low
Status: Closed
Source: RHSA-2004:065-03
Link:  http://www.ultramonkey.org/news_archive.shtml#2004022000
       http://www.ultramonkey.org/news_archive.shtml#2004062601
Resolved In:
  Kernel: 2.4.25-pre5
  Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.1267.1.128??index.html
          Note: Only the vicam.c portion
  Red Hat Linux 7.3:
          Vendor:      None (EOL)
          UltraMonkey: kernel-2.4.20-31.9.um.1
  Red Hat Linux 8.0:
          Vendor:      None (EOL)
          UltraMonkey: kernel-2.4.20-31.9.um.1
  Red Hat Linux 9:
          Vendor:      kernel-2.4.20-30.9
          UltraMonkey: kernel-2.4.20-30.9.um.1
  Fedora Core 1:
          Vendor:      kernel-2.4.22-1.2174.nptl
          UltraMonkey: kernel-2.4.22-1.2174.nptl.um.1
  Red Hat Enterprise Linux 3:
          Vendor:      None
          UltraMonkey: kernel-2.4.21-15.0.2.EL.um.1
  Debian Woody:
          Vendor:      None
          UltraMonkey: 2.4.22-1-ipvs_2.4.22-7woody.um.4
  Debian Sid:
          Vendor:      kernel-source-2.4.25_2.4.25-1
          UltraMonkey: kernel-source-2.4.22-1-ipvs_2.4.22-7.um.4