oss-sec mailing list archives
Re: CVE request: kernel: applicom: fix an unchecked user ioctl range
From: "Eugene Teo" <eugeneteo () kernel sg>
Date: Wed, 17 Dec 2008 10:07:11 +0800
On Wed, Dec 17, 2008 at 9:55 AM, Steven M. Christey <coley () linus mitre org> wrote:
On Wed, 10 Dec 2008, Eugene Teo wrote:Steve, can you please assign a CVE name. Thanks. http://bugzilla.kernel.org/show_bug.cgi?id=11408 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7be18dCan the affected IOCTL be accessed by malicious attackers? If it's protected in some sense, maybe it doesn't cross privilege boundaries. Although Linus does mention an "unchecked user ioctl range."
ac_ioctl() does not restrict access to only privileged users, and IndexCard is user-controllable. Thanks, Eugene
Current thread:
- CVE request: kernel: applicom: fix an unchecked user ioctl range Eugene Teo (Dec 09)
- Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Steven M. Christey (Dec 16)
- Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Eugene Teo (Dec 16)
- Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Eugene Teo (Dec 16)
- Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Steven M. Christey (Dec 16)
- Re: Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Marcus Meissner (Dec 17)
- Re: Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Steven M. Christey (Dec 17)
- Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Eugene Teo (Dec 16)
- Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Steven M. Christey (Dec 16)