Author: dannf Date: Sun Feb 17 18:29:22 2008 New Revision: 10560 Log: * 262_aacraid-ioctl-perm-check.diff [SECURITY] Require admin capabilities to issue ioctls to aacraid devices See CVE-2007-4308
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/262_aacraid-ioctl-perm-check.diff Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog ============================================================================== --- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Sun Feb 17 18:29:22 2008 @@ -70,8 +70,11 @@ incorrectly promoted return values in bad_inode_ops This patches changes the kernel ABI. See CVE-2006-5753 + * 262_aacraid-ioctl-perm-check.diff + [SECURITY] Require admin capabilities to issue ioctls to aacraid devices + See CVE-2007-4308 - -- dann frazier <[EMAIL PROTECTED]> Thu, 14 Feb 2008 14:48:39 -0700 + -- dann frazier <[EMAIL PROTECTED]> Thu, 14 Feb 2008 14:51:41 -0700 kernel-source-2.4.27 (2.4.27-10sarge5) stable-security; urgency=high Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/262_aacraid-ioctl-perm-check.diff ============================================================================== --- (empty file) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/262_aacraid-ioctl-perm-check.diff Sun Feb 17 18:29:22 2008 @@ -0,0 +1,32 @@ +commit c6cd2bb1a74822d28a4c2d26f169b781820168da +Author: dann frazier <[EMAIL PROTECTED]> +Date: Tue Feb 5 03:33:28 2008 -0700 + + 2.4: [SCSI] aacraid: Fix security hole + + This is a 2.4 backport of a linux-2.6 change by Alan Cox. + (commit 60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f) + + It has been build-tested only (I don't have the hardware). + CVE-2007-4308 was assigned for this issue. + + Commit log from 2.6 follows. + + On the SCSI layer ioctl path there is no implicit permissions check for + ioctls (and indeed other drivers implement unprivileged ioctls). aacraid + however allows all sorts of very admin only things to be done so should + check. + +diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c +index 57d0a40..c6d7bdf 100644 +--- a/drivers/scsi/aacraid/linit.c ++++ b/drivers/scsi/aacraid/linit.c +@@ -683,6 +683,8 @@ static int aac_cfg_release(struct inode * inode, struct file * file ) + static int aac_cfg_ioctl(struct inode * inode, struct file * file, unsigned int cmd, unsigned long arg ) + { + struct aac_dev *dev = aac_devices[MINOR(inode->i_rdev)]; ++ if (!capable(CAP_SYS_ADMIN)) ++ return -EPERM; + return aac_do_ioctl(dev, cmd, (void *)arg); + } + Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 ============================================================================== --- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 (original) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Sun Feb 17 18:29:22 2008 @@ -21,3 +21,4 @@ + 259_ext2_readdir-infinite-loop.diff + 260_ext2-skip-pages-past-num-blocks.diff + 261_listxattr-mem-corruption.diff ++ 262_aacraid-ioctl-perm-check.diff _______________________________________________ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes