On Monday 10 January 2011 16:06:58 ext Dan Carpenter, you wrote:
Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.
http://marc.info/?l=full-disclosure&m=129424528425330&w=2
The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows. If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.
Signed-off-by: Dan Carpenter <redacted>
Acked-by: Rémi Denis-Courmont <redacted>
--
Rémi Denis-Courmont
Nokia Devices R&D, Maemo Software, Helsinki