[kernel-sec-discuss] r934 - active
keescook-guest at alioth.debian.org
Fri Aug 31 00:17:38 UTC 2007
Author: keescook-guest
Date: 2007-08-31 00:17:38 +0000 (Fri, 31 Aug 2007)
New Revision: 934
Modified:
active/CVE-2005-0504
active/CVE-2007-2242
active/CVE-2007-3104
active/CVE-2007-3105
active/CVE-2007-3848
active/CVE-2007-4308
Log:
dapper released; descriptions updated
Modified: active/CVE-2005-0504
===================================================================
--- active/CVE-2005-0504 2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2005-0504 2007-08-31 00:17:38 UTC (rev 934)
@@ -2,9 +2,16 @@
References:
MISC:http://www.securitytracker.com/alerts/2005/Feb/1013273.html
Description:
+ Buffer overflow in the MoxaDriverIoctl function for the moxa serial
+ driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows
+ local users to execute arbitrary code via a certain modified length
+ value.
+Ubuntu-Description:
+ A buffer overflow was discovered in the Moxa serial driver. Local
+ attackers could execute arbitrary code and gain root privileges.
+Notes:
Make sure the length we're passing copy_from_user() is never negative or
too large for moxaBuff.
-Notes:
dannf> still not upstream as of 2.6.18-rc4, i've poked upstream about it
dannf> no response from maintainer - poked linux-serial:
http://article.gmane.org/gmane.linux.serial/1717
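Review bot: the Notes section now contradicts the new Description. The dannf> lines still say the fix is "still not upstream as of 2.6.18-rc4", while the Description added above says the overflow affects 2.6.x "before 2.6.22". Add a note recording that the fix has since gone upstream, so the two agree. The "Make sure the length we're passing copy_from_user()" text also now sits under Notes: with no author prefix, unlike the dannf> lines that follow; prefix it or move it so it is clear whose remark it is.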
@@ -26,4 +33,4 @@
2.4.17-woody-security-ia64: released (011226.18)
2.4.18-woody-security-hppa: released (62.4)
2.6.18-etch-security: N/A
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
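Review bot: the unchanged context line "2.6.18-etch-security: N/A" is hard to square with the Description added in this revision, which lists 2.6.x before 2.6.22 as affected. Since this file is being touched anyway, add a short reason next to the N/A (or to Notes:) explaining why the etch kernel is not affected, so the status is not mistaken for an oversight.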
Modified: active/CVE-2007-2242
===================================================================
--- active/CVE-2007-2242 2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-2242 2007-08-31 00:17:38 UTC (rev 934)
@@ -25,6 +25,6 @@
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/ipv6-disallow-RH0-by-default.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
2.6.20-feisty-security: released (2.6.20-16.28)
Modified: active/CVE-2007-3104
===================================================================
--- active/CVE-2007-3104 2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-3104 2007-08-31 00:17:38 UTC (rev 934)
@@ -15,6 +15,6 @@
2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch1) "no upstream fix"
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40) [a8c3f241ea411211c4802098f23a8da309e8bbd1]
2.6.20-feisty-security: pending (2.6.20-16.30) [5ca45c7e9e3d363c7bd3a5419742cb3368baf474]
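Review bot: the dapper line is marked released with only the package version, while the edgy and feisty lines in the same hunk carry a commit id in brackets and the etch line is ignored with "no upstream fix". With no upstream fix to point to, the dapper entry should also record the commit or patch that went into 2.6.15-29.58, so the source of the change can be traced later.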
Modified: active/CVE-2007-3105
===================================================================
--- active/CVE-2007-3105 2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-3105 2007-08-31 00:17:38 UTC (rev 934)
@@ -20,6 +20,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch2) [bugfix/random-bound-check-ordering.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40) [f22710043b7d89b496f7910e9c87ed62519dff14]
2.6.20-feisty-security: pending (2.6.20-16.30) [542a98d0809f0eccc5cf23ed402285e995e0b31e]
Modified: active/CVE-2007-3848
===================================================================
--- active/CVE-2007-3848 2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-3848 2007-08-31 00:17:38 UTC (rev 934)
@@ -17,6 +17,6 @@
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/reset-pdeathsig-on-suid.patch]
2.6.8-sarge-security: pending (2.6.8-17sarge1) [reset-pdeathsig-on-suid.dpatch]
2.4.27-sarge-security: needed
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40)
2.6.20-feisty-security: pending (2.6.20-16.30)
Modified: active/CVE-2007-4308
===================================================================
--- active/CVE-2007-4308 2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-4308 2007-08-31 00:17:38 UTC (rev 934)
@@ -20,6 +20,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch2) [bugfix/aacraid-ioctl-perm-check.patch]
2.6.8-sarge-security: pending (2.6.8-17sarge1) [aacraid-ioctl-perm-check.dpatch]
2.4.27-sarge-security: needed
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40)
2.6.20-feisty-security: pending (2.6.20-16.30)