[Secure-testing-commits] r577 - sarge-checks/CAN
Micah Anderson
micah@costa.debian.org
Fri, 18 Mar 2005 05:54:05 +0100
Author: micah
Date: 2005-03-18 05:54:01 +0100 (Fri, 18 Mar 2005)
New Revision: 577
Modified:
sarge-checks/CAN/list
Log:
Bug numbers for CAN-2004-1191 and CAN-2004-1190
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-18 01:24:58 UTC (rev 576)
+++ sarge-checks/CAN/list 2005-03-18 04:54:01 UTC (rev 577)
@@ -3066,18 +3066,20 @@
CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
NOTE: not-for-us (Citadel/UX)
CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
- TODO: come back to this one micah
NOTE: joshk says he doesn't understand this one
- NOTE: looks like 2.4 is ok, 2.6.8 is vulnerable
+ NOTE: 2.4.27 is ok, 2.6.8 is vulnerable, 2.6.10 is ok
+ NOTE: http://xforce.iss.net/xforce/xfdb/18137
+ NOTE: 2.6.8 needs this patch: http://linux.bkbits.net:8080/linux-2.6/patch@1.1938.197.15?nav=cset@1.1938.197.15
+ kernel-source-2.6.8 (unfixed; bug #300163)
CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
- NOTE: There are no useful details to be found on this, only vague information, I've tried to
- NOTE: extract the patches from Suse kernels, to no avail, I've emailed some suse people...
+ NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
+ NOTE: has a misleading entry titled "Fix exploitable hole"
NOTE: http://www.securityfocus.com/advisories/7579
NOTE: http://xforce.iss.net/xforce/xfdb/18370
- NOTE: <joshk> i've officially no idea what the bug is
NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8
- NOTE: I verified in 2.6.8, 2.6.9 and 2.6.10 this patch exists, however 2.4 has a totally different scsi layer
- TODO: check with kernel team about 2.4
+ NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
+ NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
+ kernel-source-2.6.8 (unfixed; bug #300162)
CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
{DSA-629-1}
CAN-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
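Review bot: the CAN-2004-1190 entry loses its 2.4 status. The removed lines `TODO: check with kernel team about 2.4` and the remark that 2.4 "has a totally different scsi layer" are deleted, but no added line says whether 2.4 is affected. Either keep the TODO or add a NOTE with the outcome, in the same form as the `2.4.27 is ok` wording used for CAN-2004-1191. In the same entry, the new NOTE points at the history page for drivers/block/scsi_ioctl.c and identifies the fix only by its title; linking the specific changeset, as the CAN-2004-1191 entry does for its patch, would let the next person confirm which change bug #300162 needs. For CAN-2004-1191, `NOTE: joshk says he doesn't understand this one` is kept as context even though the added lines now describe the affected versions and the patch, so it could be dropped along with the TODO.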