UNIX sockets kernel panic

2008.11.12

Credit: Andrea Bittau

Risk: Low

Local: Yes

Remote: No

CVE: CVE-2008-5029

CWE: NVD-CWE-DesignError

CVSS Base Score: 4.9/10

Impact Subscore: 6.9/10

Exploitability Subscore: 3.9/10

Exploit range: Local

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

The following code causes a kernel panic on Linux 2.6.26:
http://darkircop.org/unix.c
I haven't investigated the bug so I'm not sure what is causing it, and
don't know if it's exploitable. The code passes unix sockets from one
process to another using unix sockets. The bug probably has to do with
closing file descriptors.
[I'm not subscribed to the list so please CC me if you answer.]
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

References:

http://www.securityfocus.com/bid/32154

https://bugzilla.redhat.com/show_bug.cgi?id=470201

http://www.openwall.com/lists/oss-security/2008/11/06/1

http://marc.info/?l=linux-netdev&m=122593044330973&w=2

http://darkircop.org/unix.c

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

UNIX sockets kernel panic

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.