oss-sec mailing list archives
CVE request: kernel: connector security bypass
From: Eugene Teo <eugeneteo () kernel sg>
Date: Mon, 02 Nov 2009 17:40:13 +0800
1/ uvesafb/connector: Disallow unprivileged users to send netlink packets upstream commit: cc44578b5a508889beb8ae3ccd4d2bbdf17bc86c introduced in v2.6.24-rc1; fixed in v2.6.32-rc3 2/ pohmelfs/connector: Disallow unprivileged users to configure pohmelfs upstream commit: 98a5783af02f4c9b87b676d7bbda6258045cfc76 (staging/experimental) 3/ dst/connector: Disallow unprivileged users to configure dst upstream commit: 5788c56891cfb310e419c4f9ae20427851797431 (staging/experimental) 4/ dm/connector: Only process connector packages from privileged processes upstream commit: 24836479a126e02be691e073c2b6cad7e7ab836a introduced in v2.6.31-rc1; fixed in v2.6.32-rc3 2/ and 3/ are experimental; I doubt distros are supporting these.1/ and 4/ fixed similar issues, so perhaps we should just have one CVE name for this.
References: http://secunia.com/advisories/37113/ http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/ Thanks, Eugene
Current thread:
- CVE request: kernel: connector security bypass Eugene Teo (Nov 02)
- Re: CVE request: kernel: connector security bypass Mark J Cox (Nov 02)