Computer Security

Linux kernel uninitialized pointers
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Linux kernel uninitialized pointers
updated since 14.08.2009
Published:31.08.2009
Source:BUGTRAQ
SecurityVulns ID:10150
Type:local
Level:7/10
Description:proto_ops structure uninitialized pointers.
Affected:LINUX : kernel 2.4
 LINUX : kernel 2.6
CVE:CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.)
Original documentdocumentRamon de Carvalho Valle, [Full-disclosure] Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture (31.08.2009)
 documentTavis Ormandy, Linux NULL pointer dereference due to incorrect proto_ops initializations (14.08.2009)
Files:proto_ops uninitialized pointer exploit
 Exploits Linux sock_sendpage() NULL pointer dereference
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru