Candidate: CVE-2006-1343
References:
http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
Description:
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and
possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not
clear sockaddr_in.sin_zero before returning IPv4 socket names from the
getsockopt function with SO_ORIGINAL_DST, which allows local users to
obtain portions of potentially sensitive memory.
Notes:
troyh> This isn't fixed upstream in 2.6 yet, at least not in the same way as 2.4
dannf> marking ignored for sarge3/2.6 due to ^^
jmm> It's now fixed upstream in 2.6 as well, let's include it in sarge4
Bugs:
upstream: released (2.4.33-pre3), released (2.6.16.19)
linux-2.6: released (2.6.16-15)
2.6.8-sarge-security: released (2.6.8-16sarge5) [netfilter-SO_ORIGINAL_DST-leak.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge3) [212_ipv4-sin_zero_clear.diff]