|
|
| |
|
| |
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2009-3001
CVE-2009-3002
|
| Created: | October 5, 2009 |
Updated: | February 15, 2010 |
| Description: |
From the Red Hat bugzilla entry:
1) NET: llc, zero sockaddr_llc struct
sllc_arphrd member of sockaddr_llc might not be changed. Zero sllc before
copying to the above layer's structure.
http://git.kernel.org/linus/3480c63bdf008e9289aab94418f43b9592978fff
http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc
http://milw0rm.com/exploits/9513
Note that LLC sockets are restricted to root since v2.6.25-rc9 (see commit
3480c63b).
2) can: Fix raw_getname() leak
raw_getname() can leak 10 bytes of kernel memory to user
http://git.kernel.org/linus/e84b90ae5eb3c112d1f208964df1d8156a538289
Note that this was introduced in v2.6.25-rc1.
3) irda: Fix irda_getname() leak
irda_getname() can leak kernel memory to user.
http://git.kernel.org/linus/09384dfc76e526c3993c09c42e016372dc9dd22c
4) appletalk: fix atalk_getname() leak
atalk_getname() can leak 8 bytes of kernel memory to user
http://git.kernel.org/linus/3d392475c873c10c10d6d96b94d092a34ebd4791
http://milw0rm.com/exploits/9521
5) netrom: Fix nr_getname() leak
nr_getname() can leak kernel memory to user.
http://git.kernel.org/linus/f6b97b29513950bfbf621a83d85b6f86b39ec8db
6) econet: Fix econet_getname() leak
econet_getname() can leak kernel memory to user.
http://git.kernel.org/linus/80922bbb12a105f858a8f0abb879cb4302d0ecaa
7) rose: Fix rose_getname() leak
rose_getname() can leak kernel memory to user.
http://git.kernel.org/linus/17ac2e9c58b69a1e25460a568eae1b0dc0188c25
CVE request:
http://article.gmane.org/gmane.comp.security.oss.general/2029
http://article.gmane.org/gmane.comp.security.oss.general/2033
|
| Alerts: |
|
( Log in to post comments)
|
|
|