| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 01 May 2007 09:58:47 +0200 From: Jiri Slaby <jirislaby@...il.com> To: Alan Cox <alan@...rguk.ukuu.org.uk> CC: dann frazier <dannf@...com>, linux-kernel@...r.kernel.org, support@...a.com.tw, dilinger@...ian.org Subject: Re: old buffer overflow in moxa driver Alan Cox napsal(a): >> I noticed that the moxa input checking security bug described by >> CVE-2005-0504 appears to remain unfixed upstream. >> >> The issue is described here: >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504 >> >> Debian has been shipping the following patch from Andres Salomon. I >> tried contacting the listed maintainer a few months ago but received >> no response. > > > case MOXA_LOAD_BIOS: > case MOXA_FIND_BOARD: > case MOXA_LOAD_C320B: > case MOXA_LOAD_CODE: > if (!capable(CAP_SYS_RAWIO)) > return -EPERM; > break; > > At the point you abuse these calls you can already just load arbitary > data from userspace anyway. The problem is that we BUG_ON, when len < 0 in copy_from_user which is unlikely something we want to cause? regards, -- http://www.fi.muni.cz/~xslaby/ Jiri Slaby faculty of informatics, masaryk university, brno, cz e-mail: jirislaby gmail com, gpg pubkey fingerprint: B674 9967 0407 CE62 ACC8 22A0 32CC 55C3 39D4 7A7E - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists