Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4E41D0A6.4000908@redhat.com>
Date: Wed, 10 Aug 2011 08:28:22 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Dan Rosenberg <dan.j.rosenberg@...il.com>,
        Moritz Muehlenhoff <jmm@...ian.org>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE requests: Two kernel issues

On 08/10/2011 08:14 AM, Dan Rosenberg wrote:
> On Tue, Aug 9, 2011 at 6:49 PM, Eugene Teo <eugene@...hat.com> wrote:
>> On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:>
>>> 2. [SCSI] pmcraid: reject negative request size
>>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b5b515445f4f5a905c5dd27e6e682868ccd6c09d
>>
>> I don't have a PMC Sierra MaxRAID controller, so I am not sure what's
>> the permissions give to /dev/pmcsas%u. I'm checking. Meanwhile, use
>> CVE-2011-2906 for this issue.
>>
>> Thanks, Eugene
>>
> 
> This isn't a security issue because there's a check for CAP_SYS_ADMIN
> on pmcraid_chr_open(), which is necessary to obtain a file descriptor
> to the device file in order to call the affected ioctl.  Which is why
> I didn't bother CC'ing security@...nel.org. ;-)

Awesome. Rejecting CVE. Back to my holidays :)

Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.