Linux Kernel Vulnerability

barryg · February 5, 2004, 2:16am

Linux Kernel Vulnerability
do_brk()[0][1]

    The latest Digi CM firmware[2] did not mention any fixes to this bug.

[0]
http://isec.pl/papers/linux_kernel_do_brk.pdf
[1]
http://www.kb.cert.org/vuls/id/301156
[2]
http://ftp.digi.com/support/firmware/digicm/93000490_H.txt
[3]

michaelt · February 5, 2004, 6:54pm

This is being evaluated to see whether its applicable to us or not, and what possible effects it might have. If you’ve found a specific vulnerability, please contact Technical Support, along with the version of firmware you’re currently using.

barryg · February 10, 2004, 12:23am

From Digi support folks:

Regarding the kernel vulnerabilities:

We have fixed the do_brk() Linux Kernel Vulnerability(CAN-2003-0961) in
the current v1.4.0 release.

But there is still another Linux Kernel Vulnerability(mremap()
vulnerability : CAN-2003-0985) which is not yet fixed in the CM. This
will be fixed in our March Release.

P.S.:
As you may know, a CM user (except root user) cannot copy his own binary
file to the CM by himself. Only the root user can copy files to the CM
and can change attributes of the files in the CM. So I think this kind
of vulnerability( : Allowing a local attacker to gain root privileges)
is not relevent in our case.

Support Wizards

Topic		Replies	Views
Is Digi CM running ( v1.9.5.3 ) vulnerable to CVE-2003-1418 (apache-httpd-cve-2003-1418)? Digi CM & Passport cve-2003-1418	0	288	November 22, 2017
CVE-2007-4752 (vulnerability: openssh-x11-cookie-auth-bypass) Digi CM & Passport openss	1	466	November 9, 2017
Digi_CM_Device Digi CM & Passport data	0	387	September 25, 2020
After Firmware reset i cant login Digi CM & Passport default-login-creden , error , passport	1	1084	September 14, 2021
Digi CM 16 firmware upgrade from v1.7.0.1 to v1.9.5.3 Digi CM & Passport firmware	1	457	October 29, 2020

Linux Kernel Vulnerability

Related Topics