On Mon, 30 Apr 2007 16:48:29 -0600 dann frazier <[EMAIL PROTECTED]> wrote:
> hey,
> I noticed that the moxa input checking security bug described by
> CVE-2005-0504 appears to remain unfixed upstream.
>
> The issue is described here:
>
On Mon, 30 Apr 2007 16:48:29 -0600 dann frazier [EMAIL PROTECTED] wrote:
hey,
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.
The issue is described here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
On Tue, May 01, 2007 at 04:29:27AM -0400, Andres Salomon wrote:
> Right; the lack of input checking is most definitely a bug. It's no
> longer a security issue, as a CAP_SYS_RAWIO check was added at some
> point to the code path, but it's still a bug.
I hadn't noticed this, but yes - the
On 5/1/07, Alan Cox <[EMAIL PROTECTED]> wrote:
> > At the point you abuse these calls you can already just load arbitary
> > data from userspace anyway.
>
> So the possible exploit will only work when run by root, is that what you
> mean? If so isn't that still a security problem?
To exploit
> > At the point you abuse these calls you can already just load arbitary
> > data from userspace anyway.
>
> So the possible exploit will only work when run by root, is that what you
> mean? If so isn't that still a security problem?
To exploit the hole you need CAP_SYS_RAWIO which is the
Jiri Slaby wrote:
> Alan Cox napsal(a):
>>> I noticed that the moxa input checking security bug described by
>>> CVE-2005-0504 appears to remain unfixed upstream.
>>>
>>> The issue is described here:
>>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
>>>
>>> Debian has been
Alan Cox napsal(a):
>> I noticed that the moxa input checking security bug described by
>> CVE-2005-0504 appears to remain unfixed upstream.
>>
>> The issue is described here:
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
>>
>> Debian has been shipping the following patch
Alan Cox napsal(a):
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.
The issue is described here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
Debian has been shipping the following patch from Andres
Jiri Slaby wrote:
Alan Cox napsal(a):
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.
The issue is described here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
Debian has been shipping the following
At the point you abuse these calls you can already just load arbitary
data from userspace anyway.
So the possible exploit will only work when run by root, is that what you
mean? If so isn't that still a security problem?
To exploit the hole you need CAP_SYS_RAWIO which is the highest
On 5/1/07, Alan Cox [EMAIL PROTECTED] wrote:
At the point you abuse these calls you can already just load arbitary
data from userspace anyway.
So the possible exploit will only work when run by root, is that what you
mean? If so isn't that still a security problem?
To exploit the hole
On Tue, May 01, 2007 at 04:29:27AM -0400, Andres Salomon wrote:
Right; the lack of input checking is most definitely a bug. It's no
longer a security issue, as a CAP_SYS_RAWIO check was added at some
point to the code path, but it's still a bug.
I hadn't noticed this, but yes - the
Wow, I'd forgotten all about this one.
Signed-off-by: Andres Salomon <[EMAIL PROTECTED]>
dann frazier wrote:
> hey,
> I noticed that the moxa input checking security bug described by
> CVE-2005-0504 appears to remain unfixed upstream.
>
> The issue is described here:
>
On Tuesday 01 May 2007 02:04:55 Alan Cox wrote:
> > I noticed that the moxa input checking security bug described by
> > CVE-2005-0504 appears to remain unfixed upstream.
> >
> > The issue is described here:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
> >
> > Debian has
> I noticed that the moxa input checking security bug described by
> CVE-2005-0504 appears to remain unfixed upstream.
>
> The issue is described here:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
>
> Debian has been shipping the following patch from Andres Salomon. I
>
hey,
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.
The issue is described here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
Debian has been shipping the following patch from Andres Salomon. I
tried
hey,
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.
The issue is described here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
Debian has been shipping the following patch from Andres Salomon. I
tried
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.
The issue is described here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
Debian has been shipping the following patch from Andres Salomon. I
tried
On Tuesday 01 May 2007 02:04:55 Alan Cox wrote:
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.
The issue is described here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
Debian has been shipping the
Wow, I'd forgotten all about this one.
Signed-off-by: Andres Salomon [EMAIL PROTECTED]
dann frazier wrote:
hey,
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.
The issue is described here:
20 matches
Mail list logo