Date: Fri, 20 Feb 2009 15:30:34 +0800 From: Eugene Teo <eugeneteo@...nel.sg> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request: kernel: skfp_ioctl inverted logic flaw According to the upstream commit c25b9abbc2c2c0da88e180c3933d6e773245815a "[PATCH] drivers/net/skfp: if !capable(CAP_NET_ADMIN): inverted logic", there is an inverted logic flaw in skfp_ioctl(). Non-privileged users should not be able to clear the driver statistics. http://lists.openwall.net/netdev/2009/01/28/90 https://bugzilla.redhat.com/show_bug.cgi?id=486534 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abb Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ