Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAOSRhRMiAK_K1kTtGkHy8_tq9AmN4ncRgpWRP=ehjYX96yKGuA@mail.gmail.com>
Date: Tue, 9 Aug 2011 20:14:42 -0400
From: Dan Rosenberg <dan.j.rosenberg@...il.com>
To: oss-security@...ts.openwall.com
Cc: Moritz Muehlenhoff <jmm@...ian.org>, "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE requests: Two kernel issues

On Tue, Aug 9, 2011 at 6:49 PM, Eugene Teo <eugene@...hat.com> wrote:
> On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:>
>> 2. [SCSI] pmcraid: reject negative request size
>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b5b515445f4f5a905c5dd27e6e682868ccd6c09d
>
> I don't have a PMC Sierra MaxRAID controller, so I am not sure what's
> the permissions give to /dev/pmcsas%u. I'm checking. Meanwhile, use
> CVE-2011-2906 for this issue.
>
> Thanks, Eugene
>

This isn't a security issue because there's a check for CAP_SYS_ADMIN
on pmcraid_chr_open(), which is necessary to obtain a file descriptor
to the device file in order to call the affected ioctl.  Which is why
I didn't bother CC'ing security@...nel.org. ;-)

-Dan

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.