Computer Security
[EN] securityvulns.ru no-pyccku


Linux kernel multiple security vulnerabilities
Published:12.03.2009
Source:
SecurityVulns ID:9731
Type:local
Threat Level:
5/10
Description:Unauthorized skfp_ioctl statistics reset, getsockopt() information leak.
Affected:LINUX : kernel 2.6
CVE:CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.)
 CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:071 ] kernel (12.03.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod