oss-sec mailing list archives
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution
From: Steffen Nurpmeso <steffen () sdaoden eu>
Date: Tue, 18 Apr 2023 23:27:20 +0200
0xef967c36 () gmail com wrote in
 <5e92a8d676a0ddfb5c426f3412bd7aa6.1ab4a9b2@ignited.turnovers>:
 |On Tue, Apr 18, 2023 at 09:28:22PM +0200, Solar Designer wrote:
 |> On Tue, Apr 18, 2023 at 08:13:24PM +0300, 0xef967c36 () gmail com wrote:
 ...
 |Here is (possibly partial) list of collisions, obtained with uniq -D
 |from src/ioctlent0.h (a file autogenerated when building strace).
 ...

In that case even the FreeBSD rights(4) (capsicum(4)) manual entry

     CAP_IOCTL  Permit ioctl(2).  Be aware that this system call has
                enormous scope, including potentially global scope for
                some objects.  The list of permitted ioctl commands can
                be further limited with the cap_ioctls_limit(2) system
                call.

is teethless.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)