Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE requests: Two kernel issues
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Tue, 9 Aug 2011 20:14:42 -0400

On Tue, Aug 9, 2011 at 6:49 PM, Eugene Teo <eugene () redhat com> wrote:
On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:>
2. [SCSI] pmcraid: reject negative request size
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b5b515445f4f5a905c5dd27e6e682868ccd6c09d

I don't have a PMC Sierra MaxRAID controller, so I am not sure what's
the permissions give to /dev/pmcsas%u. I'm checking. Meanwhile, use
CVE-2011-2906 for this issue.

Thanks, Eugene


This isn't a security issue because there's a check for CAP_SYS_ADMIN
on pmcraid_chr_open(), which is necessary to obtain a file descriptor
to the device file in order to call the affected ioctl.  Which is why
I didn't bother CC'ing security () kernel org  ;-)

-Dan


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]