summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2004-1190
blob: 7f76542e0ed96f92063ce2cacb16cd631f99a0e0 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Candidate: CVE-2004-1190
References: 
 http://www.novell.com/linux/security/advisories/2004_42_kernel.html
 http://xforce.iss.net/xforce/xfdb/18370
Description:
 SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
 properly check commands sent to CD devices that have been opened read-only,
 which could allow local users to conduct unauthorized write activities to
 modify the firmware of associated SCSI devices.
 .
 dannf> skipping for 2.4/sarge3 - not sure if 2.4 is affected, but we should
        revisit
Notes: 
Bugs: 300162
upstream: released (2.6.10)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
2.4.27-sarge-security: ignored
2.6.18-etch-security: N/A

© 2014-2024 Faster IT GmbH | imprint | privacy policy