Medium: kernel

Issue Overview: The rdsrecvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a 1 recvfrom or 2 recvmsg system call on an RDS socket...

PT-2012-4705 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.0.44 Description: The issue is related to the rds recvmsg function in the Linux kernel, which does not initialize a certain structure member. This allows local users to obtain potentially sensitive information...

Linux Kernel 2.6.x - rds_recvmsg() Local Information Disclosure

Linux Kernel 2.6.x - rdsrecvmsg Local Information Disclosure / source: https://www.securityfocus.com/bid/54702/info The Linux kernel is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. /...

CVE-2010-3904

The rdspagecopyuser function in net/rds/page.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg syste...

Design/Logic Flaw

The rdspagecopyuser function in net/rds/page.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg syste...

CVE-2010-3904

CVE-2010-3904 is a Linux kernel flaw in the RDS implementation where rds_page_copy_user does not validate user-space addresses, enabling local privilege escalation via crafted sendmsg/recvmsg calls. Affected: Linux kernels prior to 2.6.36; fixed in later kernel releases (e.g., Red Hat/CentOS advi...

kernel: RDS sockets local privilege escalation

The rdspagecopyuser function in net/rds/page.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg syste...

PT-2010-5158 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 2.6.36 Description: The issue is related to improper input validation in the Reliable Datagram Sockets RDS protocol implementation. Specifically, the rds page copy user function in net/rds/page.c does not proper...

Linux kernel RDS protocol privilege escalation

It's possible to overwite kernel memory regions via recvmsg for RDS protocol...

CVE-2010-3904

The rdspagecopyuser function in net/rds/page.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg syste...

Linux Kernel < 2.4.36.9/2.6.27.5 Unix Sockets Local Kernel Panic Exploit

No description provided by source. include sys/socket.h include sys/un.h include unistd.h include assert.h include err.h include stdlib.h static int ownchildint us int pid; int s2; struct msghdr mh; char crap1024; struct iovec iov; struct cmsghdr c; int fd; int rc; pid = fork; if pid == -1 err1,...

Linux Kernel __scm_destroy()本地拒绝服务漏洞

BUGTRAQ ID: 32154 CVECAN ID: CVE-2008-5029 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的net/core/scm.c文件中的scmdestroy函数可能通过调用fput函数间接地递归调用其本身，本地攻击者可以通过UNIX域套接字发送SCMRIGHTS消息并关闭文件描述符导致拒绝服务的情况。 Linux kernel 2.6.27.4 Linux kernel 2.6.26 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Linux Kernel 2.4.36.92.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)

Linux Kernel 2.4.36.92.6.27.5 - Unix Sockets Local Kernel Panic Denial of Service include include include include include include static int ownchildint us int pid; int s2; struct msghdr mh; char crap1024; struct iovec iov; struct cmsghdr c; int fd; int rc; pid = fork; if pid == -1 err1, "fork"; ...