> I noticed that the moxa input checking security bug described by > CVE-2005-0504 appears to remain unfixed upstream. > > The issue is described here: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504 > > Debian has been shipping the following patch from Andres Salomon. I > tried contacting the listed maintainer a few months ago but received > no response.
case MOXA_LOAD_BIOS: case MOXA_FIND_BOARD: case MOXA_LOAD_C320B: case MOXA_LOAD_CODE: if (!capable(CAP_SYS_RAWIO)) return -EPERM; break; At the point you abuse these calls you can already just load arbitary data from userspace anyway. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/