Reading through drivers/cdrom/cdrom.c:dvd_read_bca() shows a potential buffer overflow. buf[4+188] is allocated on the stack, however cgc.cmd[9] and cgc.buflen are set to 255. This can be exploited by a custom-made USB Storage device and used for local privilege escalation (aka plug in this USB device to get root).

Steps to reproduce: review the function for buffer overflow again.
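A userspace model of the length mismatch described in the report, added here as an illustration; it is not part of the original report, the kernel source, or the linked patch. `model_cmd`, `model_device_reply`, `length_fits` and `overrun_bytes` are hypothetical names, and the guard-byte arena is constructed so the model itself never writes out of bounds.

```c
#include <stdio.h>
#include <string.h>

#define BCA_BUF_LEN (4 + 188)  /* stack buffer size quoted in the report */
#define ARENA_LEN   256        /* buffer plus guard bytes, keeps the model in bounds */
#define GUARD       0xAA

/* Hypothetical, simplified stand-in for the kernel's packet command. */
struct model_cmd {
    unsigned char cmd[12];
    unsigned char *buffer;
    size_t buflen;             /* how much the device is allowed to transfer */
};

/* Constructed device model: transfers exactly the length the host allowed. */
void model_device_reply(const struct model_cmd *c)
{
    memset(c->buffer, 0x41, c->buflen);
}

/* Defensive check: the advertised length must fit the real buffer. */
int length_fits(const struct model_cmd *c, size_t capacity)
{
    return c->buflen <= capacity && c->cmd[9] == c->buflen;
}

/* Counts guard bytes overwritten past the BCA_BUF_LEN-byte buffer. */
size_t overrun_bytes(size_t requested_len)
{
    unsigned char arena[ARENA_LEN];
    struct model_cmd c;
    size_t i, clobbered = 0;
    if (requested_len > ARENA_LEN) requested_len = ARENA_LEN;
    memset(arena, GUARD, sizeof(arena));
    memset(&c, 0, sizeof(c));
    c.buffer = arena;                         /* first BCA_BUF_LEN bytes play buf[] */
    c.cmd[9] = (unsigned char)requested_len;  /* length byte sent to the device */
    c.buflen = requested_len;
    model_device_reply(&c);
    for (i = BCA_BUF_LEN; i < ARENA_LEN; i++)
        clobbered += (arena[i] != GUARD);
    return clobbered;
}

int main(void)
{
    printf("past buf: %zu (len 255), %zu (len %d)\n", overrun_bytes(255), overrun_bytes(BCA_BUF_LEN), BCA_BUF_LEN);
    return 0;
}
```

Bounding the length by the buffer size, as `length_fits` does, is an assumed mitigation for the model and is not taken from the linked patch.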
Patch: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1;hp=5d8b2ebfa298ec4e6d9fa43e60fb013e8cd963aa
Adding non-genpatches maintainers:
sh-sources-2.6: sh
xbox-sources-2.6: chrb
xen-sources-2.6: chrb, agriffis
Does anyone know if upstream is going to release another 2.6.16.x? I think xen-sources is still based on the 2.6.16 series.
xen-sources bumped to 2.6.16.26-r1 with patch from comment #2
rsbac-sources-2.6: Please bump to 2.6.17 or add patch
usermode-sources-2.6: Please bump to 2.6.17 or add patch
Naughty naughty, someone forgot to set status to ASSIGNED.
usermode-sources-2.6.16-r5 added.
RSBAC, SH, you are still vulnerable. Please patch or bump past 2.6.17
rsbac-sources bumped to 2.6.18 in ~
SH Sources no longer covered by Gentoo Security. Closing bug.