Vigil@nce - Linux kernel: memory reading via ipc
October 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use an IPC system call in order to read bytes
stored in kernel memory.
Severity: 1/4
Creation date: 07/10/2010
DESCRIPTION OF THE VULNERABILITY
Several system calls manage IPC (Inter Process Communication):
– semctl() : semaphores
– shmctl() : shared memory
– msgctl() : messages
However, these functions do not initialize every field of the
structures they copy back to user space. Whatever data previously
occupied those uninitialized bytes is thus transmitted to the user.
The shmctl() function of the ipc/shm.c file does not correctly
initialize the shmid_ds structure. [severity:1/4; BID-43829]
The semctl(), shmctl() and msgctl() functions of the ipc/compat.c
file do not correctly initialize several structures.
[severity:1/4; BID-43828]
A local attacker can therefore use an IPC system call in order to
read bytes stored in kernel memory.
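The following user-space C program is an added illustration of the defect class described above; it is not code from the bulletin or from the Linux kernel. It uses a hypothetical stand-in structure (fake_shmid_ds) and a union that plays the role of a reused kernel stack slot, pre-filled with a marker byte, to show that assigning every named field still leaves ABI padding bytes holding stale data, while clearing the structure first (the fix pattern) leaks nothing:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a kernel IPC status structure: a 32-bit field
 * followed by a 64-bit one leaves ABI padding between them on most targets. */
struct fake_shmid_ds {
    int32_t key;
    int64_t segsz;
    int32_t cpid;
    int64_t atime;
};

/* Sum of the named fields; sizeof(struct) minus this is the padding. */
#define FIELD_BYTES (2 * sizeof(int32_t) + 2 * sizeof(int64_t))
#define STALE 0xAA  /* constructed marker standing in for leftover kernel data */

/* Stand-in for the kernel stack slot the structure lands in. Before each
 * call it is filled with STALE to simulate an earlier use of that memory. */
static union { struct fake_shmid_ds ds; unsigned char raw[sizeof(struct fake_shmid_ds)]; } kslot;

static void fill_fields(struct fake_shmid_ds *ds) {
    /* No field value contains the byte 0xAA, so only padding can match it. */
    ds->key = 42; ds->segsz = 4096; ds->cpid = 1234; ds->atime = 0;
}

/* Count bytes of the user-visible copy that still carry the stale marker. */
static size_t count_stale(const unsigned char *out, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (out[i] == STALE);
    return c;
}

/* Vulnerable pattern: every named field is assigned, whole struct copied out. */
size_t leak_without_memset(void) {
    unsigned char user_copy[sizeof kslot.ds];
    memset(kslot.raw, STALE, sizeof kslot.raw);
    fill_fields(&kslot.ds);
    memcpy(user_copy, &kslot.ds, sizeof kslot.ds); /* stands in for copy_to_user() */
    return count_stale(user_copy, sizeof user_copy);
}

/* Fixed pattern: clear the whole structure first, so padding is zeroed too. */
size_t leak_with_memset(void) {
    unsigned char user_copy[sizeof kslot.ds];
    memset(kslot.raw, STALE, sizeof kslot.raw);
    memset(&kslot.ds, 0, sizeof kslot.ds);
    fill_fields(&kslot.ds);
    memcpy(user_copy, &kslot.ds, sizeof kslot.ds);
    return count_stale(user_copy, sizeof user_copy);
}

/* Padding bytes the ABI inserts; exactly these bytes escape in the unsafe path. */
size_t padding_bytes(void) { return sizeof(struct fake_shmid_ds) - FIELD_BYTES; }
```

On a 64-bit target the unsafe path returns 8 leaked bytes (two 4-byte padding gaps); on an ABI with no padding both paths return 0, which is why the check compares against padding_bytes() rather than a fixed number.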
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-reading-via-ipc-10008