UNIX sockets kernel panic

2008-11-11 / 2008-11-12
Risk: Low
Local: Yes
Remote: No


CVSS Base Score: 4.9/10
Impact Subscore: 6.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

The following code causes a kernel panic on Linux 2.6.26: http://darkircop.org/unix.c I haven't investigated the bug so I'm not sure what is causing it, and don't know if it's exploitable. The code passes unix sockets from one process to another using unix sockets. The bug probably has to do with closing file descriptors. [I'm not subscribed to the list so please CC me if you answer.] -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

References:

http://www.securityfocus.com/bid/32154
https://bugzilla.redhat.com/show_bug.cgi?id=470201
http://www.openwall.com/lists/oss-security/2008/11/06/1
http://marc.info/?l=linux-netdev&m=122593044330973&w=2
http://darkircop.org/unix.c


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top