Candidate: CVE-2004-1190
References:
 http://www.novell.com/linux/security/advisories/2004_42_kernel.html
 http://xforce.iss.net/xforce/xfdb/18370
Description:
 SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
 properly check commands sent to CD devices that have been opened read-only,
 which could allow local users to conduct unauthorized write activities to
 modify the firmware of associated SCSI devices.
 .
 dannf> skipping for 2.4/sarge3 - not sure if 2.4 is affected, but we should revisit
Notes:
Bugs: 300162
upstream: released (2.6.10)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
2.4.27-sarge-security: ignored
2.6.18-etch-security: N/A