PT-2004-1745 · Ieee · Ieee 1394 Driver

Published: 2004-07-13 · Updated: 2017-07-11 · CVE-2004-0658

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IEEE 1394 (Firewire) driver versions 2.4 and 2.6

Description

The issue is an integer overflow in the hpsb_alloc_packet function, which local users can exploit to cause a denial of service or possibly execute arbitrary code. It can be reached through the functions raw1394_write, state_connected, handle_remote_request, or hpsb_make_writebpacket.

Recommendations

For IEEE 1394 (Firewire) driver version 2.4, consider disabling the raw1394_write function as a temporary workaround until a patch is available. For IEEE 1394 (Firewire) driver version 2.6, restrict access to the state_connected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2004-0658

Affected Products

Ieee 1394 Driver