blob: 7903c85c8528d7ddb103df2ca7cfdc7fdd2cf150
Candidate: CVE-2009-3547
Description:
A NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
be released by other processes before it is used to update the pipe's reader
and writer counters. This could lead to a local denial of service or
privilege escalation.
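Added illustration, not part of this tracker entry or of the kernel source: a user-space C model of the locking change the description implies. It places the unlocked open path (which must dereference i_pipe before it can take any lock) beside a hardened one that takes the inode lock first, re-reads i_pipe under that lock and refuses the open when the pipe is already gone. The struct layout, the release helper and the function names are constructed for this example; the kernel's real change is commit ad396024.

```c
#include <errno.h>
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model of the two kernel structures involved.
 * Field names follow the kernel's, but none of this is kernel code. */
struct pipe_inode_info {
    pthread_mutex_t mutex;           /* the pipe's own lock */
    unsigned int readers;
    unsigned int writers;
};

struct inode {
    pthread_mutex_t i_mutex;         /* protects the i_pipe pointer itself */
    struct pipe_inode_info *i_pipe;  /* NULL once the pipe has been released */
};

/* Vulnerable shape: the only lock taken belongs to the pipe, so i_pipe is
 * dereferenced before anything is held. If another process released the
 * pipe and cleared i_pipe between the open() lookup and this point, this is
 * a NULL pointer dereference. Kept for comparison only; it is never called
 * here with i_pipe == NULL. */
static int pipe_read_open_unlocked(struct inode *inode)
{
    pthread_mutex_lock(&inode->i_pipe->mutex);
    inode->i_pipe->readers++;
    pthread_mutex_unlock(&inode->i_pipe->mutex);
    return 0;
}

/* Hardened shape: take the inode lock first, read i_pipe under it, and
 * refuse the open if the pipe is already gone. Release also runs under
 * i_mutex, so the pointer cannot change between the check and the use. */
static int pipe_read_open_locked(struct inode *inode)
{
    struct pipe_inode_info *pipe;
    int ret = -ENOENT;

    pthread_mutex_lock(&inode->i_mutex);
    pipe = inode->i_pipe;
    if (pipe) {
        pipe->readers++;
        ret = 0;
    }
    pthread_mutex_unlock(&inode->i_mutex);
    return ret;
}

/* The "other process" of the description: the last user releases the pipe
 * and clears the inode's pointer, under the same inode lock. */
static void pipe_release_last(struct inode *inode)
{
    pthread_mutex_lock(&inode->i_mutex);
    inode->i_pipe = NULL;
    pthread_mutex_unlock(&inode->i_mutex);
}

static void inode_init(struct inode *inode, struct pipe_inode_info *pipe)
{
    pthread_mutex_init(&inode->i_mutex, NULL);
    pthread_mutex_init(&pipe->mutex, NULL);
    pipe->readers = 0;
    pipe->writers = 0;
    inode->i_pipe = pipe;
}

/* Scenario: one open while the pipe exists, then the pipe is released and a
 * second open arrives. Returns the second open's result and stores the old
 * pipe's reader count (the failed open must not have touched it). */
int open_after_release(unsigned int *readers_out)
{
    struct pipe_inode_info pipe;
    struct inode inode;
    int first, second;

    inode_init(&inode, &pipe);
    first = pipe_read_open_locked(&inode);   /* 0: pipe present */
    pipe_release_last(&inode);               /* i_pipe becomes NULL */
    second = pipe_read_open_locked(&inode);  /* -ENOENT, no dereference */
    *readers_out = pipe.readers;
    return first == 0 ? second : first;
}

/* With the pipe present and nothing released, both shapes count alike. */
unsigned int open_twice_while_present(void)
{
    struct pipe_inode_info pipe;
    struct inode inode;

    inode_init(&inode, &pipe);
    pipe_read_open_unlocked(&inode);
    pipe_read_open_locked(&inode);
    return pipe.readers;
}

int main(void)
{
    unsigned int readers = 0;
    int rc = open_after_release(&readers);
    printf("second open after release: %d (readers=%u)\n", rc, readers);
    printf("two opens with pipe present: readers=%u\n", open_twice_while_present());
    return 0;
}
```

The point of the locked variant is ordering: the lock that guards the pointer is taken before the pointer is read, so a concurrent release either completes entirely before the open (which then sees NULL and fails cleanly) or waits until the open has finished updating the counters.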
References:
http://www.openwall.com/lists/oss-security/2009/11/03/1
Notes:
Brad Spengler *claims* to have already developed a working exploit. Since
his previous work has been effective, it is probably true. Hence, this
should be treated with high urgency.
- May not be exploitable on Debian due to mmap_min_addr protections?
jmm> ad3960243e55320d74195fb85c975e0a8cc4466c
Bugs:
upstream: released (2.6.32-rc6) [ad396024]
linux-2.6: released (2.6.31-2)
2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/fs-pipe-null-pointer-dereference.patch]
2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/fs-pipe-null-pointer-dereference.patch]