Vigil@nce: Linux kernel, denial of service via TIPC
March 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the Linux kernel supports TIPC, a local attacker can use a
TIPC socket, in order to stop the system.
– Severity: 1/4
– Creation date: 30/03/2010
DESCRIPTION OF THE VULNERABILITY
The TIPC (Transparent Inter-Process Communication) protocol is
used for the communication of processes located on different nodes
of a cluster. TIPC uses the AF_TIPC socket family.
A local attacker can open an AF_TIPC socket, and before opening
the session (NET_MODE) he can send a message destined to another
node. In this case, the kernel dereferences the tipc_net.zones
pointer, which is NULL.
When the Linux kernel supports TIPC, a local attacker can
therefore use a TIPC socket, in order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-TIPC-9546