oss-sec mailing list archives

CVE Request: more tight ioctl permissions in dl2k driver

From: Marcus Meissner <meissner () suse de>
Date: Fri, 4 May 2012 09:31:44 +0200

Hi,

Can you please assign a CVE for this issue:

Stephan Mueller reported lack of capable(CAP_NET_ADMIN) checks
in private ioctls in the dl2k network card driver.

The netdev team will probably remove the handling of the SIOCDEVPRIVATE*
calls from this driver though and not use Jeffs patch directly.

References:
        http://www.spinics.net/lists/netdev/msg196365.html
        http://www.spinics.net/lists/netdev/msg196381.html
        http://www.spinics.net/lists/netdev/msg196382.html
        https://bugzilla.novell.com/show_bug.cgi?id=758813

Ciao, Marcus

Current thread:

CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Kurt Seifried (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Florian Weimer (May 04)
  - Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 07)