Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 04 May 2012 09:59:32 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: more tight ioctl permissions in dl2k
 driver

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/04/2012 01:31 AM, Marcus Meissner wrote:
> Hi,
> 
> Can you please assign a CVE for this issue:
> 
> Stephan Mueller reported lack of capable(CAP_NET_ADMIN) checks in
> private ioctls in the dl2k network card driver.
> 
> The netdev team will probably remove the handling of the
> SIOCDEVPRIVATE* calls from this driver though and not use Jeffs
> patch directly.
> 
> References: http://www.spinics.net/lists/netdev/msg196365.html 
> http://www.spinics.net/lists/netdev/msg196381.html 
> http://www.spinics.net/lists/netdev/msg196382.html 
> https://bugzilla.novell.com/show_bug.cgi?id=758813
> 
> Ciao, Marcus

Please use CVE-2012-2313 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPo/zkAAoJEBYNRVNeJnmTuJMP/1HBcIavIU91xlu5jQUGhpGu
JqUnr4JVsITmxh+knn6G3mReWWNLwaeeNmlrbzbHiYQSje+kBXz/Oa3z/2quEaT2
k8jX/MnNljHCet8o4tbru643EWCep93xLajJvU13jAdgpeuL6Cc/6S/cbLwl3o3B
KzgfHmvSU1c83H+CKqpyqcusT4qUat0PMUXoSaXVCMeDVh1gAjGfxH5LBeJHJ3Dd
blZsMx48NW+U7rDzyJ/m/gq1dsFGQskKgZoau8BLOjNVponP0hJwX7H0SvhkdMtZ
640uihcispn8Ygma3y8MrEx7I3JogCP1gjI/MwqDiDdvBS38b7CQtgdcVdrmshtZ
14ukvkzqpmibJWVzfgXUtCiHBcfI6Xr0kdcoXTrRJ7KSj2e1P6upc649FkfOT03e
Cat6Ll3f34iulhVw6oRA8gWs464+2M37qIhbwUQ9g2yHA2Nk9UTzszKpInMSfrNo
ixfOYJPNQDRezLqt6i0zHWhd80/BVmKKYPA5skWWWAuHRcJXGULEAZfOEj9HIVa/
1VaHbrNIW8nAtXoayJsHt5Gm9m031OQ5+fOzVXviyY/0upUW0uTlpeeC2Rk9KhAL
1RbekalLY4flBsDqAil0+LCjtWd/kIYzZvHLV7V+70NFWSfadruGxXZBUM++l6FQ
rfj/IINY4WNv9LRSnn6+
=GaWO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ