[kernel-sec-discuss] r918 - active
jmm at alioth.debian.org
Fri Aug 17 20:10:11 UTC 2007
Author: jmm
Date: 2007-08-17 20:10:11 +0000 (Fri, 17 Aug 2007)
New Revision: 918
Added:
active/CVE-2007-4308
Log:
new issue
Added: active/CVE-2007-4308
===================================================================
--- active/CVE-2007-4308 (rev 0)
+++ active/CVE-2007-4308 2007-08-17 20:10:11 UTC (rev 918)
@@ -0,0 +1,21 @@
+Candidate: CVE-2007-4308
+References:
+ http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc2
+ http://lkml.org/lkml/2007/7/23/195
+Description:
+ The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI
+ layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do
+ not check permissions for ioctls, which might allow local users to
+ cause a denial of service or gain privileges.
+Ubuntu-Description:
+Notes:
+ jmm> 2.4.27 code is quite different, but appears vulnerable as well
+Bugs:
+upstream: released (2.6.23-rc2)
+linux-2.6: needed
+2.6.18-etch-security: needed
+2.6.8-sarge-security: needed
+2.4.27-sarge-security: needed
+2.6.15-dapper-security:
+2.6.17-edgy-security:
+2.6.20-feisty-security:
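Review bot: In the Notes: field, the 2.4.27 remark ("code is quite different, but appears vulnerable as well") is the only basis shown for marking 2.4.27-sarge-security as needed, and it does not say which 2.4.27 functions were inspected. Naming them (the Description lists aac_cfg_open and aac_compat_ioctl for the 2.6 code) would let whoever backports the fix confirm the finding. The 2.6.15-dapper-security, 2.6.17-edgy-security and 2.6.20-feisty-security lines and Ubuntu-Description are left empty, so the entry records no status for those branches yet.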