Vigil@nce: Linux kernel, buffer underflow of IB700
December 2008 by Vigil@nce
A local attacker can use the IB700 card in order to create a
denial of service or to elevate his privileges.
– Gravity: 2/4
– Consequences: administrator access/rights
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 10/12/2008
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION
The drivers/watchdog/ib700wdt.c file implements the support for
the WatchDog located on IB700 cards (Full-Size Socket 370 CPU
Card).
The ibwdt_set_heartbeat() function does not check a limit
condition, which forces an integer to become negative. The kernel
thus corrupts the memory located before the storage area.
A local attacker can therefore use the IB700 card in order to
create a denial of service or to elevate his privileges.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8315
– Url: http://vigilance.fr/vulnerability/8315