Pavel Kankovsky has reported a weakness in the Linux kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.

The weakness is caused due to the "sockaddr_in.sin_zero" array not being zeroed before being returned to user space programs calling certain socket functions to retrieve information about the specified socket. This can be exploited to disclose six uninitialised bytes of the kernel stack via calls to the "getsockopt()" function with the "SO_ORIGINAL_DST" option, or via calls to the "getsockname()", "getpeername()", and "accept()" functions.

The weakness has been reported in the 2.4 and 2.6 kernel branches.

NOTE: The weakness in the "getsockname()", "getpeername()", and "accept()" functions affect only the 2.4 kernel.

Solution
Update to the fixed versions.
Further details available to Secunia VIM customers

Provided and/or discovered by
Pavel Kankovsky

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2

Kernel.org:
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.19
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=11091f6a4a11feb5794aef9307c428838129ea02

Deep Links
Links available to Secunia VIM customers