|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
The Linux kernel contains a flaw that may lead to local memory disclosure. The issue is due to net/ipv4/netfilter/ip_conntrack_core.c, net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c and net/ipv4/af_inet.c not properly clearing the 'sockaddr_in.sin_zero' struct. The resulting 6 byte leak to userspace occurs when returning IPv4 socket names from getsockopt(), getpeername(), accept() and getsockname() functions. This could allow a local attacker to possibly obtain sensitive information.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Information Disclosure
Impact:
Loss of Confidentiality
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 2.6.18 or higher, as it has been reported to fix this vulnerability. In addition, Pavel Kankovsky has released a patch for some older versions.
|
|
Products |
|
Kernel
 |
2.4.1 |
2.4.2 |
2.4.3 |
2.4.4 |
2.4.5 |
2.4.6 |
2.4.7 |
2.4.8 |
2.4.9 |
2.4 |
2.4.1x |
2.6.1 |
2.6.2 |
2.6.3 |
2.6.4 |
2.6.5 |
2.5.x |
2.6.6 |
2.6 |
2.6.7 |
2.6.8 |
2.6.9 |
2.6.10 |
2.6.11 |
2.6.14 |
2.6.12 |
2.6.15 |
2.6.16 |
2.4.32 |
2.6.13 |
2.4.2x |
2.4.30 |
2.4.31 |
2.4.33.1 |
2.4.33.2 |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
