First published: Sun Aug 23 2009(Updated: )
Description of problem: 1) NET: llc, zero sockaddr_llc struct sllc_arphrd member of sockaddr_llc might not be changed. Zero sllc before copying to the above layer's structure. <a href="http://git.kernel.org/linus/3480c63bdf008e9289aab94418f43b9592978fff">http://git.kernel.org/linus/3480c63bdf008e9289aab94418f43b9592978fff</a> <a href="http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc">http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc</a> <a href="http://milw0rm.com/exploits/9513">http://milw0rm.com/exploits/9513</a> Note that LLC sockets are restricted to root since v2.6.25-rc9 (see commit 3480c63b). 2) can: Fix raw_getname() leak raw_getname() can leak 10 bytes of kernel memory to user <a href="http://git.kernel.org/linus/e84b90ae5eb3c112d1f208964df1d8156a538289">http://git.kernel.org/linus/e84b90ae5eb3c112d1f208964df1d8156a538289</a> Note that this was introduced in v2.6.25-rc1. 3) irda: Fix irda_getname() leak irda_getname() can leak kernel memory to user. <a href="http://git.kernel.org/linus/09384dfc76e526c3993c09c42e016372dc9dd22c">http://git.kernel.org/linus/09384dfc76e526c3993c09c42e016372dc9dd22c</a> 4) appletalk: fix atalk_getname() leak atalk_getname() can leak 8 bytes of kernel memory to user <a href="http://git.kernel.org/linus/3d392475c873c10c10d6d96b94d092a34ebd4791">http://git.kernel.org/linus/3d392475c873c10c10d6d96b94d092a34ebd4791</a> <a href="http://milw0rm.com/exploits/9521">http://milw0rm.com/exploits/9521</a> 5) netrom: Fix nr_getname() leak nr_getname() can leak kernel memory to user. <a href="http://git.kernel.org/linus/f6b97b29513950bfbf621a83d85b6f86b39ec8db">http://git.kernel.org/linus/f6b97b29513950bfbf621a83d85b6f86b39ec8db</a> 6) econet: Fix econet_getname() leak econet_getname() can leak kernel memory to user. <a href="http://git.kernel.org/linus/80922bbb12a105f858a8f0abb879cb4302d0ecaa">http://git.kernel.org/linus/80922bbb12a105f858a8f0abb879cb4302d0ecaa</a> 7) rose: Fix rose_getname() leak rose_getname() can leak kernel memory to user. <a href="http://git.kernel.org/linus/17ac2e9c58b69a1e25460a568eae1b0dc0188c25">http://git.kernel.org/linus/17ac2e9c58b69a1e25460a568eae1b0dc0188c25</a> CVE request: <a href="http://article.gmane.org/gmane.comp.security.oss.general/2029">http://article.gmane.org/gmane.comp.security.oss.general/2029</a> <a href="http://article.gmane.org/gmane.comp.security.oss.general/2033">http://article.gmane.org/gmane.comp.security.oss.general/2033</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | =2.6.31-rc4 | |
Linux Linux kernel | =2.6.31-rc1 | |
Linux Linux kernel | =2.6.31-rc6 | |
Linux Linux kernel | =2.6.31-rc5 | |
Linux Linux kernel | =2.6.31-rc3 | |
Linux Linux kernel | =2.6.31-rc2 | |
Linux Linux kernel | =2.6.31 | |
Linux Linux kernel | <2.6.31 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =9.04 | |
Canonical Ubuntu Linux | =8.04 | |
Canonical Ubuntu Linux | =8.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.