oss-sec mailing list archives

Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt

From: Eugene Teo <eugene () redhat com>
Date: Wed, 25 Feb 2009 10:06:28 +0800

Eugene Teo wrote:

Steven M. Christey wrote:
======================================================
Name: CVE-2009-0676
[...]
The sock_getsockopt function in net/core/sock.c in the Linux kernel
before 2.6.28.6 does not initialize a certain structure member, which
allows local users to obtain potentially sensitive information from
kernel memory via an SO_BSDCOMPAT getsockopt request.
The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Notethat the same problem of leaking kernel memory will reappear if someoneon some architecture uses struct timeval with some internal padding (forexample tv_sec 64-bit and tv_usec 32-bit) --- then, you are going toleak the padded bytes to userspace.
net: amend the fix for SO_BSDCOMPAT gsopt infoleak
http://marc.info/?l=linux-kernel&m=123540732700371&w=2
http://marc.info/?l=linux-netdev&m=123543237010175&w=2


Upstream commit: 50fee1dec5d71b8a14c1b82f2f42e16adc227f8b.

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team

Current thread:

CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Feb 19)
- Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Steven M. Christey (Feb 22)
  - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Feb 23)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Feb 24)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Steven M. Christey (Mar 02)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Mar 02)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Mar 03)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Florian Weimer (Mar 04)