Linux Kernel net/ipv6/ipv6_sockglue.c ipv6_getsockopt_sticky Function Arbitrary Memory Disclosure

2007-03-07T13:48:26
ID OSVDB:33025
Type osvdb
Reporter OSVDB
Modified 2007-03-07T13:48:26

Description

Vulnerability Description

A local overflow exists in the Linux kernel. The 'ipv6_getsockopt_sticky()' function in script 'ipv6_sockglue.c' fails to provide proper boundary checking resulting in a null pointer dereference overflow. With a specially crafted request, an unprivileged user can read arbitrary kernel memory resulting in a loss of confidentiality. The information gathered could be of use in further attacks on the system.

Solution Description

Upgrade to version 2.6.20.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in the Linux kernel. The 'ipv6_getsockopt_sticky()' function in script 'ipv6_sockglue.c' fails to provide proper boundary checking resulting in a null pointer dereference overflow. With a specially crafted request, an unprivileged user can read arbitrary kernel memory resulting in a loss of confidentiality. The information gathered could be of use in further attacks on the system.

References:

Vendor Specific News/Changelog Entry: http://bugzilla.kernel.org/show_bug.cgi?id=8134 Vendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2 Secunia Advisory ID:24493 Secunia Advisory ID:24518 Secunia Advisory ID:24901 Secunia Advisory ID:26133 Secunia Advisory ID:25080 Secunia Advisory ID:24777 Secunia Advisory ID:25099 Secunia Advisory ID:25691 Secunia Advisory ID:26139 Related OSVDB ID: 33026 RedHat RHSA: RHSA-2007:0169 Other Advisory URL: http://fedoranews.org/cms/node/2787 Other Advisory URL: http://www.ubuntu.com/usn/usn-486-1 Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000174.html Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:078 Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-June/000200.html Other Advisory URL: http://www.ubuntu.com/usn/usn-489-1 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0148.html ISS X-Force ID: 32931 FrSIRT Advisory: ADV-2007-0907 CVE-2007-1000 CERT VU: 920689 Bugtraq ID: 22904