blob: 72028b0d7f7746369aa4569994af971176e32249 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Candidate: CVE-2004-0587
References:
FEDORA:FEDORA-2004-186
URL:http://lwn.net/Articles/91155/
MANDRAKE:MDKSA-2004:066
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
REDHAT:RHSA-2004:413
URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
REDHAT:RHSA-2004:418
URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
SGI:20040804-01-U
URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
SUSE:SuSE-SA:2004:010
URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
BID:10279
URL:http://www.securityfocus.com/bid/10279
SECTRACK:1010057
URL:http://securitytracker.com/id?1010057
XF:suse-hbaapinode-dos(16062)
URL:http://xforce.iss.net/xforce/xfdb/16062
Description:
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux
allows local users to cause a denial of service.
Notes:
2.4.26-3 has the note:
CVE-2004-0587 code is not present, not vulnerable
So the question is, did the code get added when we moved to 2.4.27, and
was it still vulnerable?
dannf> Nope; qla2xxx isn't in 2.4.27
Bugs:
upstream:
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: needed
2.4.18-woody-security-hppa: N/A
|
