oss-sec mailing list archives

CVE request: kernel: skfp_ioctl inverted logic flaw

From: Eugene Teo <eugeneteo () kernel sg>
Date: Fri, 20 Feb 2009 15:30:34 +0800

According to the upstream commit
c25b9abbc2c2c0da88e180c3933d6e773245815a "[PATCH] drivers/net/skfp: if
!capable(CAP_NET_ADMIN): inverted logic", there is an inverted logic
flaw in skfp_ioctl(). Non-privileged users should not be able to clear
the driver statistics.

http://lists.openwall.net/netdev/2009/01/28/90
https://bugzilla.redhat.com/show_bug.cgi?id=486534
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abb

Thanks, Eugene

Current thread:

CVE request: kernel: skfp_ioctl inverted logic flaw Eugene Teo (Feb 19)
- Re: CVE request: kernel: skfp_ioctl inverted logic flaw Steven M. Christey (Feb 22)