[kernel-sec-discuss] r993 - active retired

jmm at alioth.debian.org jmm at alioth.debian.org
Fri Oct 5 10:57:14 UTC 2007


Author: jmm
Date: 2007-10-05 10:57:14 +0000 (Fri, 05 Oct 2007)
New Revision: 993

Added:
   retired/CVE-2005-0504
Removed:
   active/CVE-2005-0504
Modified:
   active/CVE-2007-3848
   active/CVE-2007-4133
Log:
retire issue
record upstream fixes


Deleted: active/CVE-2005-0504
===================================================================
--- active/CVE-2005-0504	2007-10-05 06:49:35 UTC (rev 992)
+++ active/CVE-2005-0504	2007-10-05 10:57:14 UTC (rev 993)
@@ -1,36 +0,0 @@
-Candidate: CVE-2005-0504 
-References: 
- MISC:http://www.securitytracker.com/alerts/2005/Feb/1013273.html
-Description: 
- Buffer overflow in the MoxaDriverIoctl function for the moxa serial
- driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows
- local users to execute arbitrary code via a certain modified length
- value.
-Ubuntu-Description:
- A buffer overflow was discovered in the Moxa serial driver.  Local
- attackers could execute arbitrary code and gain root privileges.
-Notes:
- Make sure the length we're passing copy_from_user() is never negative or
- too large for moxaBuff.
- dannf> still not upstream as of 2.6.18-rc4, i've poked upstream about it
- dannf> no response from maintainer - poked linux-serial:
-          http://article.gmane.org/gmane.linux.serial/1717
- dannf> no response from linux-serial, poked lkml + Jiri Slaby who has done
-        quite a bit of work on the driver recently:
-          http://lkml.org/lkml/2007/4/30/507
- dannf> dilinger points out in the above thread that its no longer a
-        security issue since a CAP_SYS_RAWIO was added (in 2.6.16).
-Bugs: 
-upstream: released (2.6.16)
-linux-2.6: released (2.6.16-1)
-2.6.8-sarge-security: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
-2.4.27-sarge-security: released (2.4.27-8) [125_moxa_bound_checking.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
-2.6.18-etch-security: N/A
-2.6.15-dapper-security: released (2.6.15-29.58)

Modified: active/CVE-2007-3848
===================================================================
--- active/CVE-2007-3848	2007-10-05 06:49:35 UTC (rev 992)
+++ active/CVE-2007-3848	2007-10-05 10:57:14 UTC (rev 993)
@@ -12,7 +12,7 @@
  to send signals to processes they would not normally have access to.
 Notes: 
 Bugs: 
-upstream: 
+upstream: released (2.6.22.4)
 linux-2.6: needed
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/reset-pdeathsig-on-suid.patch]
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [reset-pdeathsig-on-suid.dpatch]

Modified: active/CVE-2007-4133
===================================================================
--- active/CVE-2007-4133	2007-10-05 06:49:35 UTC (rev 992)
+++ active/CVE-2007-4133	2007-10-05 10:57:14 UTC (rev 993)
@@ -5,12 +5,13 @@
 Description: 
 Ubuntu-Description: 
 Notes: 
+ jmm> 2.4 doesn't contain hugetlbfs
 Bugs: 
-upstream: 
-linux-2.6: 
+upstream: released (2.6.19)
+linux-2.6: released (2.6.20-1)
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch]
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: N/A
 2.6.15-dapper-security: 
 2.6.17-edgy-security: 
 2.6.20-feisty-security: 

Copied: retired/CVE-2005-0504 (from rev 990, active/CVE-2005-0504)
===================================================================
--- retired/CVE-2005-0504	                        (rev 0)
+++ retired/CVE-2005-0504	2007-10-05 10:57:14 UTC (rev 993)
@@ -0,0 +1,36 @@
+Candidate: CVE-2005-0504 
+References: 
+ MISC:http://www.securitytracker.com/alerts/2005/Feb/1013273.html
+Description: 
+ Buffer overflow in the MoxaDriverIoctl function for the moxa serial
+ driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows
+ local users to execute arbitrary code via a certain modified length
+ value.
+Ubuntu-Description:
+ A buffer overflow was discovered in the Moxa serial driver.  Local
+ attackers could execute arbitrary code and gain root privileges.
+Notes:
+ Make sure the length we're passing copy_from_user() is never negative or
+ too large for moxaBuff.
+ dannf> still not upstream as of 2.6.18-rc4, i've poked upstream about it
+ dannf> no response from maintainer - poked linux-serial:
+          http://article.gmane.org/gmane.linux.serial/1717
+ dannf> no response from linux-serial, poked lkml + Jiri Slaby who has done
+        quite a bit of work on the driver recently:
+          http://lkml.org/lkml/2007/4/30/507
+ dannf> dilinger points out in the above thread that its no longer a
+        security issue since a CAP_SYS_RAWIO was added (in 2.6.16).
+Bugs: 
+upstream: released (2.6.16)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [125_moxa_bound_checking.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
+2.6.18-etch-security: N/A
+2.6.15-dapper-security: released (2.6.15-29.58)




More information about the kernel-sec-discuss mailing list