List: oss-security
Subject: Re: [oss-security] CVE-2009-2698 kernel: udp socket NULL ptr dereference
From: Eugene Teo <eugeneteo () kernel ! sg>
Date: 2009-08-30 11:15:34
Message-ID: 4A9A5F56.4000508 () kernel ! sg
Eugene Teo wrote:
> A flaw was found in the udp_sendmsg() implementation in the Linux kernel
> when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
> could use this flaw to cause a local denial of service or escalate their
> privileges. This was fixed by Herbert Xu in v2.6.19-rc1, and reported by
> Tavis Ormandy and Julien Tinnes of the Google Security Team.
>
> Upstream commits:
> http://git.kernel.org/linus/1e0c14f49d6b393179f423abbac47f85618d3d46
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2698
> https://rhn.redhat.com/errata/RHSA-2009-1222.html
> https://rhn.redhat.com/errata/RHSA-2009-1223.html

Related to this:

Add a check in ip_append_data() for NULL *rtp to prevent future bugs in
callers from being exploitable.
http://git.kernel.org/linus/788d908f2879a17e5f80924f3da2e23f1034482d

Thanks, Eugene