Vigil@nce: Linux kernel, reading memory on eCryptfs
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can read fragments of kernel memory by reading a
file on eCryptfs.
Gravity: 1/4
Consequences: data reading
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 23/03/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The eCryptfs filesystem is used to encrypt data.
When eCryptfs is used, a memory area is allocated to hold the file
headers. However, bytes located between 0x1000 and 0x1FFFF are not
always reset (zeroed). The full header is then written to the
filesystem. An attacker allowed to read this file can therefore obtain
4 kbytes of kernel memory.
A local attacker can therefore read fragments of kernel memory by
reading a file on eCryptfs.
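
The pattern described above (a header buffer only partly initialized, then written out in full), shown as an added userspace simulation that is not the kernel's eCryptfs code and not part of the original bulletin. The names, the 0xA5 filler, the "HEADER" marker and the buffer sizes are assumptions, with the unfilled tail sized to the 4 kbytes stated above; the zeroing variant shows the mitigation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for illustration: the code fills HDR_USED bytes, but the
 * whole HDR_TOTAL-byte buffer is written out (a 4 KB unfilled tail). */
#define HDR_USED  0x1000u
#define HDR_TOTAL 0x2000u

/* Stand-in for kernel pages: memory is handed out again without clearing. */
static unsigned char pool[HDR_TOTAL];

/* Constructed "previous owner" leaving recognizable data behind. */
static void previous_owner(void) { memset(pool, 0xA5, sizeof pool); }

/* zero != 0 models a zeroing allocation (the hardened variant). */
static unsigned char *alloc_header(int zero)
{
    if (zero)
        memset(pool, 0, sizeof pool);
    return pool;
}

/* Build the header and "write" all of it to file; return how many stale
 * (non-zero) bytes from the previous owner reached the file's tail. */
static size_t write_header(unsigned char *file, int zero)
{
    unsigned char *buf = alloc_header(zero);
    size_t i, stale = 0;

    memset(buf, 0, HDR_USED);           /* only the first part is initialized */
    memcpy(buf, "HEADER", 6);           /* constructed header marker */
    memcpy(file, buf, HDR_TOTAL);       /* but the full buffer is written */

    for (i = HDR_USED; i < HDR_TOTAL; i++)
        stale += (file[i] != 0);
    return stale;
}

int main(void)
{
    static unsigned char file[HDR_TOTAL];

    previous_owner();
    printf("unzeroed buffer: %zu stale bytes in file\n", write_header(file, 0));
    previous_owner();
    printf("zeroed buffer:   %zu stale bytes in file\n", write_header(file, 1));
    return 0;
}
```

Writing only the initialized length instead of the full buffer closes the same gap without relying on the allocator.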
CHARACTERISTICS
Identifiers: BID-34216, CVE-2009-0787, VIGILANCE-VUL-8554
http://vigilance.fr/vulnerability/Linux-kernel-reading-memory-on-eCryptfs-8554