Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Subscribe

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Security Vulnerability

Vigil@nce - Linux kernel: memory reading via ipc

October 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

A local attacker can use an IPC, in order to read bytes stored in
the kernel memory.

Severity: 1/4

Creation date: 07/10/2010

DESCRIPTION OF THE VULNERABILITY

Several system calls manage IPC (Inter Process Communication):
 semctl() : semaphores
 shmctl() : shared memory
 msgctl() : messages

However, these functions do not initialize fields of a structure.
Previous data are thus transmitted to the user.

The shmctl() function of the ipc/shm.c file does not correctly
initialize the shmid_ds structure. [severity:1/4; BID-43829]

The shmctl(), shmctl() and msgctl() functions of the ipc/compat.c
file do not correctly initialize several structures.
[severity:1/4; BID-43828]

A local attacker can therefore use an IPC, in order to read bytes
stored in the kernel memory.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Linux-kernel-memory-reading-via-ipc-10008


See previous articles

    

See next articles


Security Vulnerability

All our news in english

Alle unsere News auf deutsch

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts

 
News Files Cyber Security Security Vulnerability Malware Update Diary Guide & Podcast TRAINING Jobs CONTACTS Contact About Mentions légales identifier ADMIN

Global Security Mag Copyright 2011