Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

On an Alpha processor, a local attacker can use OSF/1 system
calls, in order to obtain information or to corrupt the memory.

– Severity: 1/4
– Creation date: 13/06/2011

IMPACTED PRODUCTS

– Linux kernel

DESCRIPTION OF THE VULNERABILITY

The arch/alpha/kernel/osf_sys.c file implements OSF/1 system calls
for Alpha processor. It contains four vulnerabilities.

The osf_getdomainname() system call does not check if a size is
negative, so an attacker can read the kernel memory.
[severity:1/4; CVE-2011-2208]

The osf_sysinfo() system call does not check if a size is
negative, so an attacker can read the kernel memory.
[severity:1/4; CVE-2011-2209]

The osf_getsysinfo() system call does not check if a size is too
large, so an attacker can read the kernel memory. [severity:1/4;
CVE-2011-2210]

The osf_wait4() system call can write its results at a memory
address which is under control of an attacker. [severity:1/4;
CVE-2011-2211]

On an Alpha processor, a local attacker can therefore use OSF/1
system calls, in order to obtain information or to corrupt the
memory.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Linux-kernel-four-vulnerabilities-of-Alpha-OSF-10729