Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE requests: Two kernel issues
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Tue, 9 Aug 2011 20:14:42 -0400

On Tue, Aug 9, 2011 at 6:49 PM, Eugene Teo <eugene () redhat com> wrote:
On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:>
2. [SCSI] pmcraid: reject negative request size

I don't have a PMC Sierra MaxRAID controller, so I am not sure what's
the permissions give to /dev/pmcsas%u. I'm checking. Meanwhile, use
CVE-2011-2906 for this issue.

Thanks, Eugene

This isn't a security issue because there's a check for CAP_SYS_ADMIN
on pmcraid_chr_open(), which is necessary to obtain a file descriptor
to the device file in order to call the affected ioctl.  Which is why
I didn't bother CC'ing security () kernel org  ;-)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]