linux kernel 2.6.37 rc1 net: ax25 fix information leak to userland

2011.01.06
Risk: Low
Local: Yes
Remote: No
CWE: CWE-200


CVSS Base Score: 1.9/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater field of fsa struct. This structure is then copied to userland. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> --- net/ax25/af_ax25.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c index 26eaebf..a324d83 100644 --- a/net/ax25/af_ax25.c +++ b/net/ax25/af_ax25.c @@ -1392,6 +1392,7 @@ static int ax25_getname(struct socket *sock, struct sockaddr *uaddr, ax25_cb *ax25; int err = 0; + memset(&fsa->fsa_digipeater, 0, sizeof(fsa->fsa_digipeater)); lock_sock(sk); ax25 = ax25_sk(sk); -- 1.7.0.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

References:

https://bugzilla.redhat.com/show_bug.cgi?id=649713
http://openwall.com/lists/oss-security/2010/11/04/5
http://openwall.com/lists/oss-security/2010/11/02/7
http://marc.info/?l=linux-netdev&m=128854507120898&w=2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe10ae53384e48c51996941b7720ee16995cbcb7
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top