Linux kernel DCCP information leak - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Linux kernel DCCP information leak
Published: 27.03.2007
Source: BUGTRAQ
SecurityVulns ID: 7478
Type: local
Level: 6/10
Description: Integer overflow in getsockopt for SOL_DCCP gives ability to read content of kernel memory.

Affected: LINUX : kernel 2.6
CVE: CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.)
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.)

Original document Robert Święcki, [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability (27.03.2007)

Files: Exploits Linux Kernel DCCP Memory Disclosure Vulnerability
Discuss: Read or add your comments to this news (0 comments)