blob: 510fd8f3b67b8cc3d5742ca107dc10851f85c9a0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
Candidate: CVE-2005-0504
References:
MISC:http://www.securitytracker.com/alerts/2005/Feb/1013273.html
Description:
Buffer overflow in the MoxaDriverIoctl function for the moxa serial
driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows
local users to execute arbitrary code via a certain modified length
value.
Ubuntu-Description:
A buffer overflow was discovered in the Moxa serial driver. Local
attackers could execute arbitrary code and gain root privileges.
Notes:
Make sure the length we're passing copy_from_user() is never negative or
too large for moxaBuff.
dannf> still not upstream as of 2.6.18-rc4, i've poked upstream about it
dannf> no response from maintainer - poked linux-serial:
http://article.gmane.org/gmane.linux.serial/1717
dannf> no response from linux-serial, poked lkml + Jiri Slaby who has done
quite a bit of work on the driver recently:
http://lkml.org/lkml/2007/4/30/507
dannf> dilinger points out in the above thread that its no longer a
security issue since a CAP_SYS_RAWIO was added (in 2.6.16).
Bugs:
upstream: released (2.6.16)
linux-2.6: released (2.6.16-1)
2.6.8-sarge-security: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
2.4.27-sarge-security: released (2.4.27-8) [125_moxa_bound_checking.diff]
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-14.4)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.18)
2.4.18-woody-security-hppa: released (62.4)
2.6.18-etch-security: N/A
2.6.15-dapper-security: released (2.6.15-29.58)
|