blob: f8dd9c0301e7ad959928c2c54bffa3a611990e82 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Candidate: CVE-2009-3001
Description:
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel
2.6.31-rc7 and earlier does not initialize a certain data structure,
which allows local users to read the contents of some kernel memory
locations by calling getsockname on an AF_LLC socket.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=519305
http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc
http://jon.oberheide.org/files/llc-getsockname-leak.c
Ubuntu-Description:
Notes:
gilbert> minor info leak, so not very urgent
Bugs:
upstream: released (2.6.31-rc8) [28e9fc592cb8c7a43e4d3147b38be6032a0e81bc]
linux-2.6: released (2.6.31-1~experimental.1)
2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/net-llc-zero-sockaddr_llc-struct.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/net-llc-zero-sockaddr_llc-struct.patch]
2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/net-llc-zero-sockaddr_llc-struct.patch]
|