On Tuesday 01 May 2007 02:04:55 Alan Cox wrote:
> > I noticed that the moxa input checking security bug described by
> > CVE-2005-0504 appears to remain unfixed upstream.
> >
> > The issue is described here:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
> >
> > Debian has been shipping the following patch from Andres Salomon. I
> > tried contacting the listed maintainer a few months ago but received
> > no response.
>
>     case MOXA_LOAD_BIOS:
>     case MOXA_FIND_BOARD:
>     case MOXA_LOAD_C320B:
>     case MOXA_LOAD_CODE:
>         if (!capable(CAP_SYS_RAWIO))
>             return -EPERM;
>         break;
>
> At the point you abuse these calls you can already just load arbitrary
> data from userspace anyway.

So the possible exploit will only work when run by root, is that what you mean? If so isn't that still a security problem?

Sorry if I misunderstood what you said.

Regards,
ismail
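The gate quoted in the message above tests CAP_SYS_RAWIO, not uid 0. As an added example (not part of the original thread or of the moxa driver), this C program models that test over constructed /proc/<pid>/status excerpts; the helper names and sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CAP_SYS_RAWIO 17 /* bit number, from <linux/capability.h> */

struct proc_creds { unsigned euid; unsigned long long cap_eff; };

/* Constructed /proc/<pid>/status excerpts (not captured from real systems). */
static const char HOST_ROOT[]    = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char REDUCED_ROOT[] = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n";
static const char FILECAP_USER[] = "Name:\ttool\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000020000\n";

/* Extract effective uid and effective capability mask; 0 on success. */
static int parse_status(const char *status, struct proc_creds *c)
{
    int have_uid = 0, have_cap = 0;
    unsigned ruid;
    for (const char *p = status; p && *p; ) {
        if (sscanf(p, "Uid: %u %u", &ruid, &c->euid) == 2)
            have_uid = 1;
        else if (sscanf(p, "CapEff: %llx", &c->cap_eff) == 1)
            have_cap = 1;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return (have_uid && have_cap) ? 0 : -1;
}

/* Model of the quoted gate: only the CAP_SYS_RAWIO bit of the effective
 * set matters, the uid is never consulted. Ignores user namespaces and
 * LSM hooks, which the real capable() also takes into account. */
static int passes_rawio_gate(const char *status)
{
    struct proc_creds c;
    if (parse_status(status, &c) != 0)
        return -1; /* fields missing: cannot decide */
    return (int)((c.cap_eff >> CAP_SYS_RAWIO) & 1ULL);
}

int main(void)
{
    const char *samples[] = { HOST_ROOT, REDUCED_ROOT, FILECAP_USER };
    for (size_t i = 0; i < 3; i++) {
        struct proc_creds c;
        if (parse_status(samples[i], &c) == 0)
            printf("euid=%u CapEff=%016llx -> %s\n", c.euid, c.cap_eff,
                   passes_rawio_gate(samples[i]) ? "allowed" : "-EPERM");
    }
    return 0;
}
```

The second sample is uid 0 with a reduced effective set and is refused, while the third is an unprivileged uid holding only the CAP_SYS_RAWIO bit and is allowed.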