Bug 188260 - Linux Kernel 2.6.x Security Bypass in AACRAID driver (CVE-2007-4308)
Summary: Linux Kernel 2.6.x Security Bypass in AACRAID driver (CVE-2007-4308)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/26322/
Whiteboard: [linux < 2.6.22.2][gp < 2.6.22-4]
Reported: 2007-08-09 18:43 UTC by Matt Fleming (RETIRED)
Modified: 2013-09-03 03:46 UTC

Description Matt Fleming (RETIRED) gentoo-dev 2007-08-09 18:43:59 UTC
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issue is caused due to the AACRAID driver not correctly checking the privileges for IOCTLs. This can be exploited to perform potentially dangerous operations by sending certain IOCTLs to the driver.

The security issue is reported in versions prior to 2.6.23-rc2. Other versions may also be affected.
Comment 1 Matt Fleming (RETIRED) gentoo-dev 2007-08-09 18:55:29 UTC
A patch to fix this issue can be found here: http://lkml.org/lkml/2007/7/23/195
Comment 2 Greg Kroah-Hartman (RETIRED) gentoo-dev 2007-08-10 03:02:42 UTC
This is already included in the 2.6.22.2 release.
Comment 3 Mike Pagano gentoo-dev 2007-11-19 14:30:51 UTC
Linux kernel 2.6.22.2 is currently in a stable gentoo-sources release.
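
The class of flaw in the description (an ioctl entry point that dispatches without checking the caller's privileges) can be illustrated with a userspace model. This is an added example, not code from the bug report, the linked patch or the aacraid driver; every command name, struct and the single `has_admin_cap` flag standing in for a kernel capability check is hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: all names are hypothetical, none are aacraid's. */
enum model_cmd { CMD_QUERY_INFO = 1, CMD_SEND_RAW = 2, CMD_DELETE_DISK = 3 };

struct caller  { bool has_admin_cap; };        /* stands in for a capability check */
struct adapter { int raw_cmds_sent; int disks; };

/* Shared backend: carries out the operation and makes no access decision. */
static int do_cmd(struct adapter *a, enum model_cmd cmd)
{
    switch (cmd) {
    case CMD_QUERY_INFO:
        return a->disks;
    case CMD_SEND_RAW:
        a->raw_cmds_sent++;
        return 0;
    case CMD_DELETE_DISK:
        if (a->disks == 0)
            return -ENODEV;
        a->disks--;
        return 0;
    default:
        return -ENOTTY;
    }
}

/* Before: anyone able to reach the entry point can run management commands. */
int ioctl_unchecked(struct adapter *a, const struct caller *c, enum model_cmd cmd)
{
    (void)c;                                   /* caller privileges never consulted */
    return do_cmd(a, cmd);
}

/* After: one gate ahead of dispatch, so every command inherits the check. */
int ioctl_checked(struct adapter *a, const struct caller *c, enum model_cmd cmd)
{
    if (!c->has_admin_cap)
        return -EPERM;
    return do_cmd(a, cmd);
}

int main(void)
{
    struct adapter a = { 0, 2 };
    struct caller user = { false };
    printf("unchecked delete as user: %d\n", ioctl_unchecked(&a, &user, CMD_DELETE_DISK));
    printf("checked delete as user:   %d\n", ioctl_checked(&a, &user, CMD_DELETE_DISK));
    return 0;
}
```

Placing the check at the entry point rather than per command means a command added later cannot be shipped without it.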