Re: old buffer overflow in moxa driver

2007-05-02 Thread Andrew Morton
On Mon, 30 Apr 2007 16:48:29 -0600 dann frazier <[EMAIL PROTECTED]> wrote:
> hey,
> I noticed that the moxa input checking security bug described by
> CVE-2005-0504 appears to remain unfixed upstream.
>
> The issue is described here:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0

Re: old buffer overflow in moxa driver

2007-05-01 Thread dann frazier
On Tue, May 01, 2007 at 04:29:27AM -0400, Andres Salomon wrote:
> Right; the lack of input checking is most definitely a bug. It's no
> longer a security issue, as a CAP_SYS_RAWIO check was added at some
> point to the code path, but it's still a bug.

I hadn't noticed this, but yes - the CAP_SYS_

Re: old buffer overflow in moxa driver

2007-05-01 Thread Jiri Slaby
On 5/1/07, Alan Cox <[EMAIL PROTECTED]> wrote:
> > At the point you abuse these calls you can already just load arbitrary
> > data from userspace anyway.
>
> So the possible exploit will only work when run by root, is that what you
> mean? If so isn't that still a security problem?

To exploit the

Re: old buffer overflow in moxa driver

2007-05-01 Thread Alan Cox
> > At the point you abuse these calls you can already just load arbitrary
> > data from userspace anyway.
>
> So the possible exploit will only work when run by root, is that what you
> mean? If so isn't that still a security problem?

To exploit the hole you need CAP_SYS_RAWIO which is the highe

Re: old buffer overflow in moxa driver

2007-05-01 Thread Andres Salomon
Jiri Slaby wrote:
> Alan Cox wrote:
>>> I noticed that the moxa input checking security bug described by
>>> CVE-2005-0504 appears to remain unfixed upstream.
>>>
>>> The issue is described here:
>>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
>>>
>>> Debian has been shipp

Re: old buffer overflow in moxa driver

2007-05-01 Thread Jiri Slaby
Alan Cox wrote:
>> I noticed that the moxa input checking security bug described by
>> CVE-2005-0504 appears to remain unfixed upstream.
>>
>> The issue is described here:
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
>>
>> Debian has been shipping the following patch fro

Re: old buffer overflow in moxa driver

2007-04-30 Thread Andres Salomon
Wow, I'd forgotten all about this one.

Signed-off-by: Andres Salomon <[EMAIL PROTECTED]>

dann frazier wrote:
> hey,
> I noticed that the moxa input checking security bug described by
> CVE-2005-0504 appears to remain unfixed upstream.
>
> The issue is described here:
> http://cve.mitre.org/

Re: old buffer overflow in moxa driver

2007-04-30 Thread Ismail Dönmez
On Tuesday 01 May 2007 02:04:55 Alan Cox wrote:
> > I noticed that the moxa input checking security bug described by
> > CVE-2005-0504 appears to remain unfixed upstream.
> >
> > The issue is described here:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
> >
> > Debian has been

Re: old buffer overflow in moxa driver

2007-04-30 Thread Alan Cox
> I noticed that the moxa input checking security bug described by
> CVE-2005-0504 appears to remain unfixed upstream.
>
> The issue is described here:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
>
> Debian has been shipping the following patch from Andres Salomon. I
> trie

old buffer overflow in moxa driver

2007-04-30 Thread dann frazier
hey,
I noticed that the moxa input checking security bug described by
CVE-2005-0504 appears to remain unfixed upstream.

The issue is described here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504

Debian has been shipping the following patch from Andres Salomon. I
tried contactin