oss-sec mailing list archives
CVE request: kernel: skfp_ioctl inverted logic flaw
From: Eugene Teo <eugeneteo () kernel sg>
Date: Fri, 20 Feb 2009 15:30:34 +0800
According to the upstream commit c25b9abbc2c2c0da88e180c3933d6e773245815a "[PATCH] drivers/net/skfp: if !capable(CAP_NET_ADMIN): inverted logic", there is an inverted logic flaw in skfp_ioctl(). Non-privileged users should not be able to clear the driver statistics. http://lists.openwall.net/netdev/2009/01/28/90 https://bugzilla.redhat.com/show_bug.cgi?id=486534 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abb Thanks, Eugene
Current thread:
- CVE request: kernel: skfp_ioctl inverted logic flaw Eugene Teo (Feb 19)
- Re: CVE request: kernel: skfp_ioctl inverted logic flaw Steven M. Christey (Feb 22)