From: dann frazier <dannf@dannf.org>
To: "Steven M. Christey" <coley@linus.mitre.org>
Cc: oss-security@lists.openwall.com, drbd-dev@lists.linbit.com
Subject: Re: [Drbd-dev] [oss-security] CVE request: kernel: connector security bypass
Date: Thu, 11 Mar 2010 15:18:08 -0700 [thread overview]
Message-ID: <20100311221808.GB14859@ldl.fc.hp.com> (raw)
In-Reply-To: <0911021136010.7514@mjc.redhat.com>
On Mon, Nov 02, 2009 at 11:37:21AM +0000, Mark J Cox wrote:
> On Mon, 2 Nov 2009, Eugene Teo wrote:
>
> >1/ uvesafb/connector: Disallow unprivileged users to send netlink packets
> >upstream commit: cc44578b5a508889beb8ae3ccd4d2bbdf17bc86c
> >introduced in v2.6.24-rc1; fixed in v2.6.32-rc3
> >
> >2/ pohmelfs/connector: Disallow unprivileged users to configure pohmelfs
> >upstream commit: 98a5783af02f4c9b87b676d7bbda6258045cfc76
> >(staging/experimental)
> >
> >3/ dst/connector: Disallow unprivileged users to configure dst
> >upstream commit: 5788c56891cfb310e419c4f9ae20427851797431
> >(staging/experimental)
> >
> >4/ dm/connector: Only process connector packages from privileged processes
> >upstream commit: 24836479a126e02be691e073c2b6cad7e7ab836a
> >introduced in v2.6.31-rc1; fixed in v2.6.32-rc3
>
> >References:
> >http://secunia.com/advisories/37113/
> >http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
Debian provides an out-of-tree drbd module (drbd8), and it appears to
be affected by this issue as well. I assume we need to allocate an
additional CVE ID for it?
Here's a link to the upstream fix:
http://git.drbd.org/?p=drbd-8.3.git;a=commitdiff;h=71915b0d267392c77fe0ae2309535333026cef66
The in-tree version that got merged for 2.6.33 looks fine.
--
dann frazier
next parent reply other threads:[~2010-03-12 9:30 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4AEEA8FD.2050601@kernel.sg>
[not found] ` <0911021136010.7514@mjc.redhat.com>
2010-03-11 22:18 ` dann frazier [this message]
2010-03-12 9:34 ` [Drbd-dev] [oss-security] CVE request: kernel: connector security bypass Lars Ellenberg
2010-03-12 16:47 ` dann frazier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100311221808.GB14859@ldl.fc.hp.com \
--to=dannf@dannf.org \
--cc=coley@linus.mitre.org \
--cc=drbd-dev@lists.linbit.com \
--cc=oss-security@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox