[kernel] r5184 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jan 3 00:10:45 UTC 2006
Author: jmm-guest
Date: Tue Jan 3 00:10:45 2006
New Revision: 5184
Added:
patch-tracking/CVE-2004-1190
Log:
another probably vendor-specific issue
Added: patch-tracking/CVE-2004-1190
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2004-1190 Tue Jan 3 00:10:45 2006
@@ -0,0 +1,24 @@
+Candidate: CVE-2004-1190
+References:
+ http://www.novell.com/linux/security/advisories/2004_42_kernel.html
+ http://xforce.iss.net/xforce/xfdb/18370
+Description:
+ SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
+ properly check commands sent to CD devices that have been opened read-only,
+ which could allow local users to conduct unauthorized write activities to
+ modify the firmware of associated SCSI devices.
+Notes:
+ jmm> I'll ask the SuSE security guys for confirmation, whether this is
+ jmm> SuSE-specific
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
More information about the Kernel-svn-changes
mailing list