Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 126407 - CAN-2004-0075 Vicam USB user/kernel copying
CAN-2004-0075 Vicam USB user/kernel copying
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Pete Zaitcev
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-06-21 05:53 EDT by Mark J. Cox
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-22 16:17:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Candidate #1 (704 bytes, patch)
2005-02-03 15:54 EST, Pete Zaitcev 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:293 high SHIPPED_LIVE Important: kernel security update 2005-04-22 00:00:00 EDT
Red Hat Product Errata RHSA-2005:294 normal SHIPPED_LIVE Moderate: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 5 2005-05-18 00:00:00 EDT

  None (edit)
Description Mark J. Cox 2004-06-21 05:53:15 EDT 
"The Vicam USB driver does not use the copy_from_user function when
copying data from userspace to kernel space, which crosses security
boundaries and allows local users to cause a denial of service."

(Note for RHEL3 this driver is in unsupported)

patches and details at:
http://marc.theaimsgroup.com/?l=linux-kernel&m=108197561914277 and
http://marc.theaimsgroup.com/?l=linux-kernel&m=108202386509206
Comment 1 Ernie Petrides 2004-06-21 19:55:51 EDT 
Pete, since this driver is unsupported in RHEL3, fixing this problem
is not justified in a security errata or in U3.  But I'd like to get
a fix in during U4, since the patches are available and simple.
Comment 2 Pete Zaitcev 2005-02-03 15:48:30 EST 
The second patch is not applicable, we have that hole plugged already.
Comment 3 Pete Zaitcev 2005-02-03 15:54:31 EST 
Created attachment 110621 [details]
Candidate #1
Comment 4 Ernie Petrides 2005-02-09 22:34:03 EST 
A fix for this problem has just been committed to the RHEL3 U5
patch pool this evening (in kernel version 2.4.21-27.12.EL).
Comment 5 Ernie Petrides 2005-04-13 20:12:32 EDT 
A fix for this problem has also been committed to the RHEL3 E5
patch pool this evening (in kernel version 2.4.21-27.0.3.EL).
Comment 6 Josh Bressers 2005-04-22 16:17:29 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-293.html
Comment 7 Tim Powers 2005-05-18 09:27:41 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-294.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.