oss-sec mailing list archives

Re: CVE request: kernel: applicom: fix an unchecked user ioctl range

From: "Eugene Teo" <eugeneteo () kernel sg>
Date: Wed, 17 Dec 2008 10:10:28 +0800

On Wed, Dec 17, 2008 at 10:07 AM, Eugene Teo <eugeneteo () kernel sg> wrote:

On Wed, Dec 17, 2008 at 9:55 AM, Steven M. Christey
<coley () linus mitre org> wrote:


On Wed, 10 Dec 2008, Eugene Teo wrote:

Steve, can you please assign a CVE name. Thanks.

http://bugzilla.kernel.org/show_bug.cgi?id=11408
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7be18d


Can the affected IOCTL be accessed by malicious attackers?  If it's
protected in some sense, maybe it doesn't cross privilege boundaries.
Although Linus does mention an "unchecked user ioctl range."


ac_ioctl() does not restrict access to only privileged users, and
IndexCard is user-controllable.


Hmm, there's a comment in the ac_ioctl() that the device for this is
only accessible by root, so if out of range may not matter. Hmm. So,
maybe, maybe not.

Eugene

Current thread:

CVE request: kernel: applicom: fix an unchecked user ioctl range Eugene Teo (Dec 09)
- Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Steven M. Christey (Dec 16)
  - Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Eugene Teo (Dec 16)
    - Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Eugene Teo (Dec 16)
    - Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Steven M. Christey (Dec 16)
    - Re: Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Marcus Meissner (Dec 17)
    - Re: Re: CVE request: kernel: applicom: fix an unchecked user ioctl range Steven M. Christey (Dec 17)