oss-sec mailing list archives
Re: CVE Request: more tight ioctl permissions in dl2k driver
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 04 May 2012 09:59:32 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/04/2012 01:31 AM, Marcus Meissner wrote:
Hi, Can you please assign a CVE for this issue: Stephan Mueller reported lack of capable(CAP_NET_ADMIN) checks in private ioctls in the dl2k network card driver. The netdev team will probably remove the handling of the SIOCDEVPRIVATE* calls from this driver though and not use Jeffs patch directly. References: http://www.spinics.net/lists/netdev/msg196365.html http://www.spinics.net/lists/netdev/msg196381.html http://www.spinics.net/lists/netdev/msg196382.html https://bugzilla.novell.com/show_bug.cgi?id=758813 Ciao, Marcus
Please use CVE-2012-2313 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPo/zkAAoJEBYNRVNeJnmTuJMP/1HBcIavIU91xlu5jQUGhpGu JqUnr4JVsITmxh+knn6G3mReWWNLwaeeNmlrbzbHiYQSje+kBXz/Oa3z/2quEaT2 k8jX/MnNljHCet8o4tbru643EWCep93xLajJvU13jAdgpeuL6Cc/6S/cbLwl3o3B KzgfHmvSU1c83H+CKqpyqcusT4qUat0PMUXoSaXVCMeDVh1gAjGfxH5LBeJHJ3Dd blZsMx48NW+U7rDzyJ/m/gq1dsFGQskKgZoau8BLOjNVponP0hJwX7H0SvhkdMtZ 640uihcispn8Ygma3y8MrEx7I3JogCP1gjI/MwqDiDdvBS38b7CQtgdcVdrmshtZ 14ukvkzqpmibJWVzfgXUtCiHBcfI6Xr0kdcoXTrRJ7KSj2e1P6upc649FkfOT03e Cat6Ll3f34iulhVw6oRA8gWs464+2M37qIhbwUQ9g2yHA2Nk9UTzszKpInMSfrNo ixfOYJPNQDRezLqt6i0zHWhd80/BVmKKYPA5skWWWAuHRcJXGULEAZfOEj9HIVa/ 1VaHbrNIW8nAtXoayJsHt5Gm9m031OQ5+fOzVXviyY/0upUW0uTlpeeC2Rk9KhAL 1RbekalLY4flBsDqAil0+LCjtWd/kIYzZvHLV7V+70NFWSfadruGxXZBUM++l6FQ rfj/IINY4WNv9LRSnn6+ =GaWO -----END PGP SIGNATURE-----
Current thread:
- CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Kurt Seifried (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Florian Weimer (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 07)