On Wed, 22 Dec 2010 18:51:33 +0100, Ludovic Rousseau wrote: > To trigger the bug the attacker needs to connect a serial reader to the > host. And then needs to have a physical access to the computer. > > To enable the serial reader the attacker needs to edit the file > /etc/reader.conf and configure the use of the connected serial reader. > So the attacker must have root access to trigger the buffer overflow.
An administrator making use of a serial card reader is likely to have done this prior to the attacker having access to the reader. > I downgrade the severity to important. I don't think I will fix the bug > for squeeze. I don't want to blow things out of proportion, but these bugs completely violate the security model that is intended by card readers. So even though the exploit is difficult and requires local access, it is a real issue and really needs to be fixed. I don't want to play bts ping pong, but this really should be fixed for squeeze (making it RC). I suggest re-raising severity, and I will apply the patches myself (since they're rather modest) if you aren't willing to do so yourself. I'll also do an SPU for lenny. Best wishes, Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
