OSVDB ID: 33025

Title: Linux Kernel net/ipv6/ipv6_sockglue.c ipv6_getsockopt_sticky Function Arbitrary Memory Disclosure

Info

Disclosure
Mar 07, 2007

Discovery
Unknown

Dates

Exploit
Jul 02, 2007

Solution
Unknown

Description

 A local overflow exists in the Linux kernel. The 'ipv6_getsockopt_sticky()' function in script 'ipv6_sockglue.c' fails to provide proper boundary checking resulting in a null pointer dereference overflow. With a specially crafted request, an unprivileged user can read arbitrary kernel memory resulting in a loss of confidentiality. The information gathered could be of use in further attacks on the system.

Classification

 Location: Local Access Required
Attack Type: Denial of Service, Information Disclosure
Impact: Loss of Confidentiality, Loss of Availability
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Upgrade to version 2.6.20.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Linux

Linux Kernel

 2.6.20.2
2.6.20.1
2.6.20
2.6.19.x
2.6.19
2.6.18.x
2.6.18
2.6.17.x
2.6.17
2.6.16.x
2.6.16
2.6.15.x
2.6.15
2.6.14.x
2.6.14
2.6.13.x
2.6.13
2.6.12.x
2.6.12
2.6.11.x
2.6.11
2.6.10
2.6.9
2.6.8.1
2.6.8
2.6.7
2.6.6
2.6.5
2.6.4
2.6.3
2.6.2
2.6.1
2.6.0

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/33025