oss-sec mailing list archives
Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 24 Dec 2008 12:53:38 -0500 (EST)
On Mon, 22 Dec 2008, Eugene Teo wrote:
I discussed this with Wim, and it depends on the permissions for the miscdev device, /dev/watchdog. On Fedora, it's accessible by root user only.
One of our CVE analysts found a concrete case; how common it is, is another question: www.stlinux.com/docs/manual/distribution/distribution_guide17.php shows an example of "crw-rw-rw-" permissions for /dev/watchdog. Thus, it is plausible that the IOCTL call is available to unprivileged users in some or all Linux distributions. Even if these permissions are not the default, users might reasonably decide to manually set these permissions if they happen to do a web search for "/dev/watchdog permissions" and find this stlinux.com page. Use CVE-2008-5702 - Steve ====================================================== Name: CVE-2008-5702 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5702 Reference: MLIST:[linux-kernel] 20081005 [PATCH 04/19] ib700wdt: Fix off by one Reference: URL:http://lkml.org/lkml/2008/10/5/173 Reference: MLIST:[oss-security] 20081210 CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Reference: URL:http://openwall.com/lists/oss-security/2008/12/10/2 Reference: MLIST:[oss-security] 20081216 Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Reference: URL:http://openwall.com/lists/oss-security/2008/12/17/6 Reference: MLIST:[oss-security] 20081217 Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Reference: URL:http://openwall.com/lists/oss-security/2008/12/17/9 Reference: MLIST:[oss-security] 20081217 Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Reference: URL:http://openwall.com/lists/oss-security/2008/12/17/20 Reference: CONFIRM:http://bugzilla.kernel.org/show_bug.cgi?id=11399 Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=7c2500f17d65092d93345f3996cf82ebca17e9ff Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1 Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
Current thread:
- CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Eugene Teo (Dec 09)
- Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Steven M. Christey (Dec 16)
- Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Eugene Teo (Dec 16)
- Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Marcus Meissner (Dec 17)
- Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Eugene Teo (Dec 21)
- Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Steven M. Christey (Dec 24)
- Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Eugene Teo (Dec 16)
- Re: CVE request: kernel: watchdog: ib700wdt.c - buffer_underflow bug Steven M. Christey (Dec 16)