From 4cea91d7d0df3ed16fce4559fa29ddd55461f0ca Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 5 Oct 2007 10:57:14 +0000
Subject: retire issue record upstream fixes

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@993 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2005-0504 | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 retired/CVE-2005-0504

(limited to 'retired/CVE-2005-0504')

diff --git a/retired/CVE-2005-0504 b/retired/CVE-2005-0504
new file mode 100644
index 00000000..510fd8f3
--- /dev/null
+++ b/retired/CVE-2005-0504
@@ -0,0 +1,36 @@
+Candidate: CVE-2005-0504 
+References: 
+ MISC:http://www.securitytracker.com/alerts/2005/Feb/1013273.html
+Description: 
+ Buffer overflow in the MoxaDriverIoctl function for the moxa serial
+ driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows
+ local users to execute arbitrary code via a certain modified length
+ value.
+Ubuntu-Description:
+ A buffer overflow was discovered in the Moxa serial driver.  Local
+ attackers could execute arbitrary code and gain root privileges.
+Notes:
+ Make sure the length we're passing copy_from_user() is never negative or
+ too large for moxaBuff.
+ dannf> still not upstream as of 2.6.18-rc4, i've poked upstream about it
+ dannf> no response from maintainer - poked linux-serial:
+          http://article.gmane.org/gmane.linux.serial/1717
+ dannf> no response from linux-serial, poked lkml + Jiri Slaby who has done
+        quite a bit of work on the driver recently:
+          http://lkml.org/lkml/2007/4/30/507
+ dannf> dilinger points out in the above thread that its no longer a
+        security issue since a CAP_SYS_RAWIO was added (in 2.6.16).
+Bugs: 
+upstream: released (2.6.16)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [125_moxa_bound_checking.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
+2.6.18-etch-security: N/A
+2.6.15-dapper-security: released (2.6.15-29.58)
-- 
cgit v1.2.3