Linux Kernel Vulnerability

    The latest Digi CM firmware[2] did not mention any fixes to this bug. 


This is being evaluated to see whether it’s applicable to us or not, and what possible effects it might have. If you’ve found a specific vulnerability, please contact Technical Support, along with the version of firmware you’re currently using.

From Digi support folks:

Regarding the kernel vulnerabilities:

We have fixed the do_brk() Linux Kernel Vulnerability (CAN-2003-0961) in
the current v1.4.0 release.

But there is still another Linux Kernel Vulnerability (mremap()
vulnerability: CAN-2003-0985) which is not yet fixed in the CM. This
will be fixed in our March Release.

As you may know, a CM user (except root user) cannot copy his own binary
file to the CM by himself. Only the root user can copy files to the CM
and can change attributes of the files in the CM. So I think this kind
of vulnerability (allowing a local attacker to gain root privileges)
is not relevant in our case.

