Bug 474495 (CVE-2008-5700)

Summary: CVE-2008-5700 kernel: enforce a minimum SG_IO timeout
Product: [Other] Security Response Reporter: Eugene Teo (Security Response) <eteo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: anton, bhu, dhoward, jpirko, lgoncalv, lwang, peterm, qcai, security-response-team, vgoyal, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-24 03:50:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 475403, 475404, 475405, 475406, 475407    
Bug Blocks:    
Attachments:
Description Flags
Upstream patch none

Description Eugene Teo (Security Response) 2008-12-04 02:20:10 UTC 
From Alan Cox:

Looks like libata needs to enforce sensible minimum timeouts on SG_IO
requests otherwise the code below (especially run ten at a time) which I was
using to try and duplicate the kerneloops logged errors produces long spews
of errors and forces the drives into PIO run as any user..
Comment 3 Eugene Teo (Security Response) 2008-12-09 03:12:00 UTC 
Consensus is to enforce a minimum 7 second timeout (which is the timeout windoze uses for general commands on ATA).

You need to be able to open the cdrom device (i.e. login as a normal user from the console and then access it via ssh) or access to /dev/sg* which is root only in all sane systems.
Comment 4 Eugene Teo (Security Response) 2008-12-09 03:24:17 UTC 
Upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2f1fa78a155524b849edf359e42a3001ea652c0
Comment 5 Eugene Teo (Security Response) 2008-12-09 03:25:04 UTC 
Created attachment 326257 [details]
Upstream patch
Comment 11 errata-xmlrpc 2009-03-12 14:41:18 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:0331 http://rhn.redhat.com/errata/RHSA-2009:0331.html
Comment 12 errata-xmlrpc 2009-04-01 08:31:07 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:0326 https://rhn.redhat.com/errata/RHSA-2009-0326.html
Comment 15 Vincent Danen 2010-12-24 03:50:12 UTC 
This was also addressed via:

MRG Realtime for RHEL 5 Server (RHSA-2009:0053)