Vigil@nce: Linux kernel, four vulnerabilities of Alpha OSF
June 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
On an Alpha processor, a local attacker can use OSF/1 system
calls, in order to obtain information or to corrupt the memory.
– Severity: 1/4
– Creation date: 13/06/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The arch/alpha/kernel/osf_sys.c file implements OSF/1 system calls
for Alpha processor. It contains four vulnerabilities.
The osf_getdomainname() system call does not check if a size is
negative, so an attacker can read the kernel memory.
[severity:1/4; CVE-2011-2208]
The osf_sysinfo() system call does not check if a size is
negative, so an attacker can read the kernel memory.
[severity:1/4; CVE-2011-2209]
The osf_getsysinfo() system call does not check if a size is too
large, so an attacker can read the kernel memory. [severity:1/4;
CVE-2011-2210]
The osf_wait4() system call can write its results at a memory
address which is under control of an attacker. [severity:1/4;
CVE-2011-2211]
On an Alpha processor, a local attacker can therefore use OSF/1
system calls, in order to obtain information or to corrupt the
memory.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-four-vulnerabilities-of-Alpha-OSF-10729