List:       oss-security
Subject:    Re: [oss-security] CVE-2009-2698 kernel: udp socket NULL ptr dereference
From:       Eugene Teo <eugeneteo () kernel ! sg>
Date:       2009-08-30 11:15:34
Message-ID: 4A9A5F56.4000508 () kernel ! sg

Eugene Teo wrote:
> A flaw was found in the udp_sendmsg() implementation in the Linux kernel 
> when using the MSG_MORE flag on UDP sockets. A local, unprivileged user 
> could use this flaw to cause a local denial of service or escalate their 
> privileges. This was fixed by Herbert Xu in v2.6.19-rc1, and reported by 
> Tavis Ormandy and Julien Tinnes of the Google Security Team.
> 
> Upstream commits:
> http://git.kernel.org/linus/1e0c14f49d6b393179f423abbac47f85618d3d46
> 
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2698
> https://rhn.redhat.com/errata/RHSA-2009-1222.html
> https://rhn.redhat.com/errata/RHSA-2009-1223.html

Related to this:
Add a check in ip_append_data() for NULL *rtp to prevent future bugs in 
callers from being exploitable.
http://git.kernel.org/linus/788d908f2879a17e5f80924f3da2e23f1034482d

Thanks, Eugene