blob: d3adfd460d4f1403afbfe012e9008def9a9ff1f7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
Candidate: CVE-2006-0096
References:
http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f
http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c
Description:
Notes:
jmm> This was accidentally released as a fix for CVE-2004-2607 in 2.4.27-8:
jmm>
jmm> diff -Nru a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c
jmm> --- a/drivers/net/wan/sdla.c 2005-01-13 08:41:42 -08:00
jmm> +++ b/drivers/net/wan/sdla.c 2005-01-13 08:41:42 -08:00
jmm> @@ -1300,6 +1300,8 @@
jmm>
jmm> case SDLA_WRITEMEM:
jmm> case SDLA_READMEM:
jmm> + if(!capable(CAP_SYS_RAWIO))
jmm> + return -EPERM;
jmm> return(sdla_xfer(dev, (struct sdla_mem *)ifr->ifr_data, cmd == SDLA_READMEM));
jmm>
jmm> case SDLA_START:
horms> I only see reference to CVE-2004-2607 in patch-tracking,
horms> not in the changelog for 2.4.27-8, so I don't think the first line
horms> of the statement above is correct
Bugs:
upstream: released (2.6.11), fixed (2.4.29)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16sarge2) [net-sdla-coverty.dpatch]
2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff]
2.4.19-woody-security:
2.4.18-woody-security:
2.4.17-woody-security:
2.4.16-woody-security:
2.4.17-woody-security-hppa:
2.4.17-woody-security-ia64:
|