Description
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
linux-2.6 | not-affected | | | package |
kernel-source-2.6.8 | fixed | 2.6.8-14 | sarge | package |
Notes
Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c has a misleading entry titled "Fix exploitable hole".
http://www.securityfocus.com/advisories/7579
http://xforce.iss.net/xforce/xfdb/18370
Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8. On further clarification he said that further fixes to this patch were made after 2.6.8, so only 2.6.10 is actually fixed, but 2.6.8 is not.