| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 01 May 2007 04:29:27 -0400 From: Andres Salomon <dilinger@...ian.org> To: Jiri Slaby <jirislaby@...il.com> CC: Alan Cox <alan@...rguk.ukuu.org.uk>, dann frazier <dannf@...com>, linux-kernel@...r.kernel.org, support@...a.com.tw Subject: Re: old buffer overflow in moxa driver Jiri Slaby wrote: > Alan Cox napsal(a): >>> I noticed that the moxa input checking security bug described by >>> CVE-2005-0504 appears to remain unfixed upstream. >>> >>> The issue is described here: >>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504 >>> >>> Debian has been shipping the following patch from Andres Salomon. I >>> tried contacting the listed maintainer a few months ago but received >>> no response. >> >> case MOXA_LOAD_BIOS: >> case MOXA_FIND_BOARD: >> case MOXA_LOAD_C320B: >> case MOXA_LOAD_CODE: >> if (!capable(CAP_SYS_RAWIO)) >> return -EPERM; >> break; >> >> At the point you abuse these calls you can already just load arbitary >> data from userspace anyway. > > The problem is that we BUG_ON, when len < 0 in copy_from_user which is unlikely > something we want to cause? > > regards, Right; the lack of input checking is most definitely a bug. It's no longer a security issue, as a CAP_SYS_RAWIO check was added at some point to the code path, but it's still a bug. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists