Vigil@nce - Linux kernel: memory leaks of net
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use network sockets to read bytes stored in
kernel memory.
Severity: 1/4
Creation date: 03/11/2010
DESCRIPTION OF THE VULNERABILITY
The Linux kernel implements several socket types: ax25 (radio),
packet (raw level), tipc (Transparent Inter Process
Communication). These socket types do not correctly initialize their
data before returning it to the user.
The ax25_getname() function does not fully initialize the
"fsa_digipeater" field of the "fsa" structure. [severity:1/4;
CVE-2010-3875]
The packet_getname_spkt() function does not fully initialize the
"sa_data" field of the "sockaddr" structure. [severity:1/4;
CVE-2010-3876]
The get_name() function does not initialize the padding of the
"sockaddr_tipc" structure. [severity:1/4; CVE-2010-3877]
A local attacker can therefore use network sockets to read bytes
stored in kernel memory.
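The "sa_data" case above, modelled in user space as an added example (not code from this bulletin or from the kernel): it counts how many stale bytes survive a getname-style fill with and without zeroing the structure first. The struct demo_sockaddr layout, the 0xAA poison value and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POISON 0xAA      /* constructed marker standing in for stale kernel bytes */
#define DEMO_FAMILY 17   /* value of AF_PACKET on Linux */

/* Simplified stand-in for struct sockaddr: 2-byte family + 14-byte sa_data. */
struct demo_sockaddr {
    unsigned short sa_family;
    char sa_data[14];
};
typedef void (*fill_fn)(struct demo_sockaddr *, const char *);

/* Weak pattern: writes the name and its terminator, nothing after it. */
static void getname_weak(struct demo_sockaddr *out, const char *devname)
{
    size_t n = strlen(devname);
    if (n > sizeof(out->sa_data) - 1)
        n = sizeof(out->sa_data) - 1;
    out->sa_family = DEMO_FAMILY;
    memcpy(out->sa_data, devname, n);
    out->sa_data[n] = '\0';
}

/* Hardened pattern: zero the whole object before filling any field. */
static void getname_hardened(struct demo_sockaddr *out, const char *devname)
{
    memset(out, 0, sizeof(*out));
    getname_weak(out, devname);
}

/* Returns how many stale bytes would be handed back to the caller. */
static size_t stale_bytes(fill_fn fill, const char *devname)
{
    struct demo_sockaddr sa;
    unsigned char raw[sizeof(sa)];
    size_t i, leaked = 0;
    memset(&sa, POISON, sizeof(sa));   /* model a reused, uncleared buffer */
    fill(&sa, devname);
    memcpy(raw, &sa, sizeof(sa));      /* model the copy out to user space */
    for (i = 0; i < sizeof(raw); i++)
        leaked += (raw[i] == POISON);
    return leaked;
}

int main(void)
{
    printf("weak: %zu stale, hardened: %zu stale\n", stale_bytes(getname_weak, "eth0"), stale_bytes(getname_hardened, "eth0"));
    return 0;
}
```

The same zero-first step also covers the padding case listed for "sockaddr_tipc", since clearing the whole object clears the bytes between and after its fields.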
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-leaks-of-net-10096