Bug 175519 - CVE-2004-2607 sdla_xfer casting flaw
CVE-2004-2607 sdla_xfer casting flaw
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: John W. Linville
Brian Brock
source=cve,reported=20051202,public=2...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-12-12 04:08 EST by Mark J. Cox
Modified: 2007-11-30 17:07 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-12 21:27:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox 2005-12-12 04:08:14 EST
The Sangoma frame relay driver could allow local users to read
large portions of kernel memory.

fixed=2.6.5
http://linux.bkbits.net:8080/linux-2.6/cset@4083fdb65KiH8zD6KliRqh6HrON_sw

fixed=2.4.29
http://linux.bkbits.net:8080/linux-2.4/cset@41e2d02a-1uIuT2ka6ipdvsj4sTwJg
Comment 1 Ernie Petrides 2005-12-12 21:27:48 EST
Hi, Mark.  While the RHEL3 version of the net/wan/sdla.c could be improved
with the two (different) fixes referred to above, its ioctl handler is
restricted to super-user usage by virtue of this code in sdla_ioctl():

        if(!capable(CAP_NET_ADMIN))
                return -EPERM;

Given that there is no security hole and that drivers/net/wan is contained
in the RHEL3 "unsupported module" list, I'm closing this as NOTABUG.

Note You need to log in before you can comment on or make changes to this bug.