Date: Tue, 9 Aug 2011 20:14:42 -0400 From: Dan Rosenberg <dan.j.rosenberg@...il.com> To: oss-security@...ts.openwall.com Cc: Moritz Muehlenhoff <jmm@...ian.org>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE requests: Two kernel issues On Tue, Aug 9, 2011 at 6:49 PM, Eugene Teo <eugene@...hat.com> wrote: > On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:> >> 2. [SCSI] pmcraid: reject negative request size >> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b5b515445f4f5a905c5dd27e6e682868ccd6c09d > > I don't have a PMC Sierra MaxRAID controller, so I am not sure what's > the permissions give to /dev/pmcsas%u. I'm checking. Meanwhile, use > CVE-2011-2906 for this issue. > > Thanks, Eugene > This isn't a security issue because there's a check for CAP_SYS_ADMIN on pmcraid_chr_open(), which is necessary to obtain a file descriptor to the device file in order to call the affected ioctl. Which is why I didn't bother CC'ing security@...nel.org. ;-) -Dan
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.