Candidate: CVE-2004-1190
References:
http://www.novell.com/linux/security/advisories/2004_42_kernel.html
http://xforce.iss.net/xforce/xfdb/18370
Description:
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
properly check commands sent to CD devices that have been opened read-only,
which could allow local users to conduct unauthorized write activities to
modify the firmware of associated SCSI devices.
.
dannf> skipping for 2.4/sarge3 - not sure if 2.4 is affected, but we should
revisit
Notes:
Bugs: 300162
upstream: released (2.6.10)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
2.4.27-sarge-security: ignored
2.6.18-etch-security: N/A