oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2009-2698 kernel: udp socket NULL ptr dereference

From: Eugene Teo <eugeneteo () kernel sg>
Date: Tue, 25 Aug 2009 13:53:17 +0800
A flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. This was fixed by Herbert Xu in v2.6.19-rc1, and reported by Tavis Ormandy and Julien Tinnes of the Google Security Team. 

Upstream commits:
http://git.kernel.org/linus/1e0c14f49d6b393179f423abbac47f85618d3d46

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2698
https://rhn.redhat.com/errata/RHSA-2009-1222.html
https://rhn.redhat.com/errata/RHSA-2009-1223.html

Thanks, Eugene
Previous By Date Next
Previous By Thread Next

Current thread: