|
Linux Kernel IPv4 "sockaddr_in.sin_zero" Information Disclosure
|
|
|
|
|
Secunia Advisory:
|
SA19357
|
|
|
Release Date:
|
2006-03-23
|
|
Last Update:
|
2006-05-31
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Linux Kernel 2.4.x
Linux Kernel 2.6.x
|
|
| | CVE reference: | CVE-2006-1342 (Secunia mirror)
CVE-2006-1343 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Pavel Kankovsky has reported a weakness in the Linux kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
The weakness is caused due to the "sockaddr_in.sin_zero" array not being zeroed before being returned to user space programs calling certain socket functions to retrieve information about the specified socket. This can be exploited to disclose six uninitialised bytes of the kernel stack via calls to the "getsockopt()" function with the "SO_ORIGINAL_DST" option, or via calls to the "getsockname()", "getpeername()", and "accept()" functions.
The weakness has been reported in the 2.4 and 2.6 kernel branches.
NOTE: The weakness in the "getsockname()", "getpeername()", and "accept()" functions affect only the 2.4 kernel.
Solution:
Update to the fixed versions.
http://kernel.org/
Kernel 2.4.x:
Fixed in the CVS repositories.
Kernel 2.6.x:
Update to version 2.6.16.19.
Provided and/or discovered by:
Pavel Kankovsky
Changelog:
2006-05-31: Updated "Solution Status", "Solution" and "Original Advisory" sections.
Original Advisory:
http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
Kernel.org:
http://www.kernel.org/git/?p=linux/ke...3b3dcfa80c9094f1748c1be064b9326c9ef2b
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.19
http://www.kernel.org/git/?p=linux/ke...91f6a4a11feb5794aef9307c428838129ea02
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
185 Related Secunia Security Advisories, displaying 10
|
|
|
1. Linux Kernel "dccp_setsockopt_change()" Integer Overflow
|
|
2. Linux Kernel Information Disclosure and Denial of Service
|
|
3. Linux Kernel LDT Buffer Size Handling Vulnerability
|
|
4. Linux Kernel Multiple Vulnerabilities
|
|
5. Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability
|
|
6. Linux Kernel ASN.1 BER Decoding Vulnerability
|
|
7. Linux Kernel Denial of Service Vulnerabilities
|
|
8. Linux Kernel Unspecified Vulnerability
|
|
9. Linux Kernel Multiple Vulnerabilities
|
|
10. Linux Kernel Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
