Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Tue, 25 Aug 2009 13:53:17 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2009-2698 kernel: udp socket NULL ptr dereference

A flaw was found in the udp_sendmsg() implementation in the Linux kernel 
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user 
could use this flaw to cause a local denial of service or escalate their 
privileges. This was fixed by Herbert Xu in v2.6.19-rc1, and reported by 
Tavis Ormandy and Julien Tinnes of the Google Security Team.

Upstream commits:
http://git.kernel.org/linus/1e0c14f49d6b393179f423abbac47f85618d3d46

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2698
https://rhn.redhat.com/errata/RHSA-2009-1222.html
https://rhn.redhat.com/errata/RHSA-2009-1223.html

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ