retire more issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1142 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 25 insertions, 0 deletions

diff --git a/retired/CVE-2007-4308 b/retired/CVE-2007-4308
new file mode 100644
index 00000000..b4aec26f
--- /dev/null
+++ b/retired/CVE-2007-4308
@@ -0,0 +1,25 @@
+Candidate: CVE-2007-4308
+References: 
+ http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc2
+ http://lkml.org/lkml/2007/7/23/195
+ linux-2.6 commit 719be62903a6e6419789557cb3ed0e840d3e4ca9
+Description: 
+ The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI
+ layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do
+ not check permissions for ioctls, which might allow local users to
+ cause a denial of service or gain privileges.
+Ubuntu-Description: 
+ It was discovered that the aacraid SCSI driver did not correctly check
+ permissions on certain ioctls.  A local attacker could cause a denial
+ of service or gain privileges.
+Notes: 
+ jmm> 2.4.27 code is quite different, but appears vulnerable as well
+Bugs: 443694
+upstream: released (2.6.23-rc2)
+linux-2.6: released (2.6.22-4)
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/aacraid-ioctl-perm-check.patch]
+2.6.8-sarge-security: released (2.6.8-17sarge1) [aacraid-ioctl-perm-check.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge6) [262_aacraid-ioctl-perm-check.diff]
+2.6.15-dapper-security: released (2.6.15-29.58)
+2.6.17-edgy-security: released (2.6.17.1-12.40)
+2.6.20-feisty-security: released (2.6.20-16.31)