Title: Linux Kernel net/ipv4/netfilter/ IPv4 Socket Name Return Arbitrary Memory Disclosure
Info
Disclosure: Mar 04, 2006
Discovery: Unknown
Dates
Exploit: Unknown
Solution: Unknown
Description
The Linux kernel contains a flaw that may lead to local memory disclosure. The issue is due to net/ipv4/netfilter/ip_conntrack_core.c, net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c and net/ipv4/af_inet.c not properly clearing the 'sockaddr_in.sin_zero' field. The resulting 6 byte leak to userspace occurs when IPv4 socket names are returned from the getsockopt(), getpeername(), accept() and getsockname() functions. This may allow a local attacker to obtain sensitive information.
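The pattern described above, modeled in userspace as an added example (it is not kernel code and not part of the original entry). The function names, the 0xA5 fill standing in for stale kernel memory, and the address and port values are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Before the fix: only the named fields are assigned, so sin_zero keeps
 * whatever the scratch buffer already held. (Hypothetical helper.) */
static void fill_name_unsafe(struct sockaddr_in *sin, in_addr_t addr, in_port_t port)
{
    sin->sin_family = AF_INET;
    sin->sin_port = port;
    sin->sin_addr.s_addr = addr;
}

/* After the fix: the padding is cleared before the struct is copied out. */
static void fill_name_safe(struct sockaddr_in *sin, in_addr_t addr, in_port_t port)
{
    fill_name_unsafe(sin, addr, port);
    memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
}

/* Number of non-zero padding bytes visible to whoever receives the struct. */
static size_t stale_bytes(const struct sockaddr_in *sin)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(sin->sin_zero); i++)
        n += (sin->sin_zero[i] != 0);
    return n;
}

/* Model of the copy-out path. The scratch buffer is pre-filled with a
 * constructed 0xA5 pattern that stands in for stale kernel memory. */
static size_t simulate(int fixed)
{
    struct sockaddr_in scratch, user;
    memset(&scratch, 0xA5, sizeof(scratch));
    (fixed ? fill_name_safe : fill_name_unsafe)(&scratch, htonl(INADDR_LOOPBACK), htons(8080));
    memcpy(&user, &scratch, sizeof(user)); /* stands in for copy_to_user() */
    return stale_bytes(&user);
}

int main(void)
{
    printf("stale padding bytes: before fix=%zu, after fix=%zu\n",
           simulate(0), simulate(1));
    return 0;
}
```

The same `stale_bytes()` check can be applied to a buffer that was poisoned before a real getsockname() call to confirm that a running kernel clears the padding.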
Classification
Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
Solution
Upgrade to version 2.6.18 or higher, as it has been reported to fix this vulnerability. In addition, Pavel Kankovsky has released a patch for some older versions.