Bug 142252

Summary: VUL-0: kernel: wan/sdla.c firmware write permission problem
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Marcus Meissner <meissner>
Component: KernelAssignee: E-mail List <kernel-maintainers>
Status: RESOLVED WONTFIX QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVE-2006-0096: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2006-01-10 09:46:24 UTC 
is public:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0096

wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors.
Comment 1 Marcus Meissner 2006-01-11 09:42:11 UTC 
NOTE: further
investigation suggests that this issue requires root privileges to
exploit, since it is protected by CAP_NET_ADMIN; thus it might not be
a vulnerability, although capabilities provide finer distinctions
between privilege levels.


so we leave it out (and get it from mainline)
Comment 2 Thomas Biege 2009-10-13 21:49:58 UTC 
CVE-2006-0096: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)