Candidate: CVE-2005-0504
References:
 MISC:http://www.securitytracker.com/alerts/2005/Feb/1013273.html
Description:
 Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver
 (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users
 to execute arbitrary code via a certain modified length value.
Ubuntu-Description:
 A buffer overflow was discovered in the Moxa serial driver. Local attackers
 could execute arbitrary code and gain root privileges.
Notes:
 Make sure the length we're passing copy_from_user() is never negative or
 too large for moxaBuff.
 dannf> still not upstream as of 2.6.18-rc4, I've poked upstream about it
 dannf> no response from maintainer - poked linux-serial:
        http://article.gmane.org/gmane.linux.serial/1717
 dannf> no response from linux-serial, poked lkml + Jiri Slaby who has done
        quite a bit of work on the driver recently:
        http://lkml.org/lkml/2007/4/30/507
 dannf> dilinger points out in the above thread that it's no longer a security
        issue since a CAP_SYS_RAWIO was added (in 2.6.16).
Bugs:
upstream: released (2.6.16)
linux-2.6: released (2.6.16-1)
2.6.8-sarge-security: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
2.4.27-sarge-security: released (2.4.27-8) [125_moxa_bound_checking.diff]
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-14.4)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.18)
2.4.18-woody-security-hppa: released (62.4)
2.6.18-etch-security: N/A
2.6.15-dapper-security: released (2.6.15-29.58)