87534 – Kernel: unrestricted N_MOUSE line discipline (CAN-2005-0839)

Bug 87534 - Kernel: unrestricted N_MOUSE line discipline (CAN-2005-0839)

Summary: Kernel: unrestricted N_MOUSE line discipline (CAN-2005-0839)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	[linux < 2.6.11]
Keywords:

Depends on:
Blocks:

Reported:	2005-04-01 03:16 UTC by Thierry Carrez (RETIRED)
Modified:	2009-05-03 15:07 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-04-01 03:16:18 UTC

From Ubuntu Security Notice USN-103-1

Previous kernels did not restrict the use of the N_MOUSE line
discipline in the serial driver. This allowed an unprivileged user to
inject mouse movement and/or keystrokes (using the sunkbd driver) into
the input subsystem, taking over the console or an X session, where
another user is logged in.  (CAN-2005-0839)

Comment 1 Daniel Drake (RETIRED) gentoo-dev

2005-04-01 06:08:56 UTC

Fix is here:
http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ

Affects kernels up to 2.6.11

gentoo-sources-2.6 unaffected

Comment 2 Joshua Kinard gentoo-dev

2005-04-23 22:29:53 UTC

mips-sources fixed.

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2005-08-15 15:44:37 UTC

All fixed, closing bug.

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2009-05-03 15:07:42 UTC

commit f7254f4ac465c2cca9729ec508f3053cc5e88fa3
Author: Vojtech Pavlik <vojtech@suse.cz>

    input: Only root should be able to set the N_MOUSE line discipline.