Vigil@nce: Linux kernel, memory reading via eql
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When a network device with Equalizer Load Balancer is installed, a
local attacker can obtain 16 bytes coming from the kernel memory.
– Severity: 1/4
– Creation date: 14/09/2010
DESCRIPTION OF THE VULNERABILITY
The drivers/net/eql.c file implements the support of network
devices with Equalizer Load Balancer.
The ioctl EQL_GETMASTRCFG retrieves the configuration of the
master device. However, the eql_g_master_cfg() function does not
initialize the master_config_t structure. The 16 bytes located in
the "master_name" field of the structure are thus transmitted to
the user.
When a network device with Equalizer Load Balancer is installed, a
local attacker can therefore obtain 16 bytes coming from the
kernel memory.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-reading-via-eql-9926