On Tuesday 11 January 2011 02:06:20 ext David Miller, you wrote:
From: Dan Carpenter <redacted>
Date: Mon, 10 Jan 2011 17:06:58 +0300
quoted
Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.
http://marc.info/?l=full-disclosure&m=129424528425330&w=2
The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows. If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.
Signed-off-by: Dan Carpenter <redacted>
Applied.
Shouldn't this be sent to stable trees?
--
Rémi Denis-Courmont
Nokia Devices R&D, Maemo Software, Helsinki