Vigil@nce: Linux kernel, information disclosure via NETROM/ROSE/X25
April 2009 by Vigil@nce
When NETROM/ROSE/X25 is enabled, an attacker can obtain fragments of the kernel memory.
– Severity: 1/4
– Consequences: data reading
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: low (1/3)
– Creation date: 08/04/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The kernel supports Netrom (Amateur Radio), Rose (Amateur Radio)
and X.25 (switched) network protocols.
The same vulnerability impacts these three implementations:
– function named nr_sendmsg() in net/netrom/af_netrom.c
– function named rose_sendmsg() in net/rose/af_rose.c
– function named x25_sendmsg() in net/x25/af_x25.c
Indeed, these functions do not check the message size. If the size
is too big, an integer overflow occurs, and the initialized memory
area is shorter than the sent memory area.
When NETROM/ROSE/X25 is enabled, an attacker can therefore obtain
fragments of the kernel memory.
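The size problem described above, shown as an added user-space model that is not kernel code and not part of the original advisory. The function names, the integer widths, HDR_LEN and MAX_USER_FRAME are assumptions chosen for illustration; the unchecked computation is placed beside a version that rejects oversized messages first.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical values for this model; not taken from the kernel sources. */
#define HDR_LEN        20u     /* protocol header added to every message */
#define MAX_USER_FRAME 65535u  /* largest total frame the checked variant accepts */

/* Unchecked: the total is narrowed to 32 bits, so a large len wraps and the
 * size of the prepared (initialized) area ends up smaller than the message. */
static uint32_t frame_size_unchecked(uint64_t len)
{
    return (uint32_t)(len + HDR_LEN);
}

/* Bytes that would be sent beyond the prepared area (0 when sizes agree). */
static uint64_t uninitialized_gap(uint64_t len)
{
    uint64_t wanted = len + HDR_LEN;
    uint64_t prepared = frame_size_unchecked(len);
    return wanted > prepared ? wanted - prepared : 0;
}

/* Checked: reject oversized messages before doing arithmetic on len.
 * Returns 0 and stores the total in *out, or -EMSGSIZE. */
static int frame_size_checked(uint64_t len, uint64_t *out)
{
    if (len > MAX_USER_FRAME - HDR_LEN)
        return -EMSGSIZE;
    *out = len + HDR_LEN;
    return 0;
}

int main(void)
{
    uint64_t big = 0xFFFFFFFFull, out = 0;
    printf("unchecked size=%u gap=%llu\n", (unsigned)frame_size_unchecked(big),
           (unsigned long long)uninitialized_gap(big));
    printf("checked rc=%d\n", frame_size_checked(big, &out));
    return 0;
}
```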
CHARACTERISTICS
– Identifiers: CVE-2009-1265, VIGILANCE-VUL-8610
– Url: http://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-via-NETROM-ROSE-X25-8610