oss-sec mailing list archives

CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()

From: Eugene Teo <eteo () redhat com>
Date: Fri, 29 Aug 2008 09:59:05 +0800

I reported some bogus capability checks in the SBNI WAN driver. Proper
capability checks are required for the privileged operations.

This affects both 2.4 and 2.6 kernels. The proposed upstream commit is:
f2455eb176ac87081bbfc9a44b21c7cd2bc1967e.

I have allocated this CVE-2008-3525.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Current thread:

CVE-2008-3525 kernel: missing capability checks in sbni_ioctl() Eugene Teo (Aug 28)