Security Intelligence Operations - Cisco Systems


Linux Kernel llc_ui_getname Local Information Disclosure Vulnerability

 
Vulnerability Alert
Powered by Cisco Security IntelliShield Alert Manager

Threat Type: Unintended Weakness: Information Disclosure
IntelliShield ID: 18927
Version: 2
First Published: August 26, 2009 03:31 PM EDT
Last Published: November 04, 2009 10:51 AM EST
Vector: Local
Authentication: Single
Exploit: Functional
Port: Not Available
CVE: CVE-2009-3001
BugTraq ID: 36126

Urgency: Unlikely Use
Credibility: Confirmed
Severity: Harassment
CVSS Base: 1.7
CVSS Version 2
CVSS Temporal: 1.5
 
Version Summary:

Red Hat has released security advisories and updated packages to address the Linux Kernel llc_ui_getname local information disclosure vulnerability.

 
 
Description

The Linux Kernel contains a vulnerability that could allow a local attacker to access sensitive information.

The vulnerability is due to an error that may occur when the kernel handles data that is associated with sockets. A local attacker could exploit this vulnerability by making crafted networking calls to disclose a small amount of data from the kernel stack. An exploit could result in the disclosure of sensitive information that could be used to launch additional attacks.

Functional exploit code is publicly available.

Kernel.org has confirmed this vulnerability, but stable updates are not available. However, third-party vendor updates are available.

 
Warning Indicators

Linux Kernel versions 2.6.30.5 and prior are vulnerable; however, an attacker must have the CAP_NET_RAW privilege to exploit this vulnerability on versions 2.6.24.5 and later.

 
IntelliShield Analysis

To exploit this vulnerability on Linux Kernel versions 2.6.24.5 and later, the attacker must have the CAP_NET_RAW capability, which allows users to open raw sockets and is typically reserved for use by the root user.

 
Vendor Announcements

Red Hat has released security advisories at the following links: RHSA-2009:1540-1 and RHSA-2009:1550-1

 
Impact

A local attacker could exploit this vulnerability to obtain sensitive information from the operating system. The attacker could leverage this information to launch additional attacks.

 
Technical Information

An attacker with local account access could exploit this vulnerability. Additional authentication is not required.

The vulnerability exists because the llc_ui_getname kernel function, which is in the net/llc/af_llc.c source file, fails to zero out a data structure before passing it to another networking layer. A local attacker could exploit this vulnerability by making crafted requests to networking sockets. An exploit could lead to the disclosure of 5 bytes of kernel memory from the operating system stack. The attacker could leverage this data to launch additional attacks.
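The flaw class described above, modelled in user space as an added example (not code from the advisory or from the kernel source): a handler fills a record field by field and copies the whole record out, first without and then with the clearing step. The structure `demo_addr`, its field names and sizes, and the `0xAA` stale-data marker are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical address record standing in for the structure the advisory
 * describes; names and sizes are assumptions, chosen so that five bytes
 * are never assigned, the amount the advisory reports as disclosed. */
struct demo_addr {
    unsigned short family;
    unsigned short hw_type;
    unsigned char  sap;
    unsigned char  mac[6];
    unsigned char  reserved[5];
};

#define STALE 0xAA /* marker for leftover stack contents */

/* Model of a getname-style handler: fill a local record, copy it out whole.
 * zero_first = 0 is the flawed form, 1 is the hardened form. */
void demo_getname(unsigned char *out, int zero_first)
{
    static const unsigned char mac[6] = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */
    struct demo_addr a;
    memset(&a, STALE, sizeof(a));   /* simulate data left by an earlier call */
    if (zero_first)
        memset(&a, 0, sizeof(a));   /* the fix: clear before filling */
    a.family = 26;
    a.hw_type = 1;
    a.sap = 0x42;
    memcpy(a.mac, mac, sizeof(mac));
    memcpy(out, &a, sizeof(a));     /* every byte crosses the boundary */
}

/* Number of stale bytes that reached the caller's buffer. */
size_t leaked_bytes(int zero_first)
{
    unsigned char out[sizeof(struct demo_addr)];
    size_t i, n = 0;
    demo_getname(out, zero_first);
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("unfixed: %zu stale bytes, fixed: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The same review rule applies to any code that copies a whole structure across a trust boundary: clear the structure before filling it, so unassigned fields and padding carry zeros.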

 
Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised not to grant the CAP_NET_RAW capability to untrusted users.

Administrators are advised to limit local access to affected systems to trusted users.

Administrators are advised to monitor affected systems for signs of suspicious activities.
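One way to check the CAP_NET_RAW safeguard above on a running system, as an added example that is not part of the original alert: the program reads each `/proc/<pid>/status` file and lists non-root processes whose effective capability set includes CAP_NET_RAW. The function names are illustrative.

```c
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_RAW_BIT 13 /* value of CAP_NET_RAW in <linux/capability.h> */

/* 1 if the effective set in a /proc/<pid>/status text holds CAP_NET_RAW,
 * 0 if not, -1 if there is no CapEff line. The leading '\n' keeps a process
 * whose name contains "CapEff:" from spoofing the match. */
int status_has_net_raw(const char *status)
{
    const char *p = strstr(status, "\nCapEff:");
    if (!p) return -1;
    return (int)((strtoull(p + 8, NULL, 16) >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Real UID from the "Uid:" line, or -1 if absent. */
long status_uid(const char *status)
{
    const char *p = strstr(status, "\nUid:");
    return p ? strtol(p + 5, NULL, 10) : -1;
}

/* Walk /proc and list non-root processes that hold CAP_NET_RAW. */
int main(void)
{
    DIR *d = opendir("/proc");
    struct dirent *e;
    if (!d) { perror("/proc"); return 1; }
    while ((e = readdir(d)) != NULL) {
        char path[300], buf[8192];
        FILE *f;
        size_t n;
        if (!isdigit((unsigned char)e->d_name[0])) continue;
        snprintf(path, sizeof(path), "/proc/%s/status", e->d_name);
        if (!(f = fopen(path, "r"))) continue; /* process already exited */
        n = fread(buf, 1, sizeof(buf) - 1, f);
        buf[n] = '\0';
        fclose(f);
        if (status_has_net_raw(buf) == 1 && status_uid(buf) > 0)
            printf("pid %s uid %ld holds CAP_NET_RAW\n", e->d_name, status_uid(buf));
    }
    closedir(d);
    return 0;
}
```

Run it as root so that every process's status file is readable; any process it lists is a candidate for review against the safeguard.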

 
Patches/Software

Red Hat packages can be updated using the up2date or yum command.

 
Alert History
 

Version 1, August 26, 2009, 3:31 PM: The Linux Kernel contains a vulnerability that could allow a local attacker to access sensitive information. Updates are not available.



Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
Linus Torvalds Linux Kernel: 2.6.0 .0 | 2.6.1 .0 | 2.6.10 .0 | 2.6.11 .0, .1, .10, .11, .12, .2, .3, .4, .5, .6, .7, .8, .9 | 2.6.12 .0, .1, .2, .3, .4, .5, .6 | 2.6.13 .0, .1, .2, .3, .4, .5 | 2.6.14 .0, .1, .2, .3, .4, .5, .6, .7 | 2.6.15 .0, .1, .2, .3, .4, .5, .6, .7 | 2.6.16 .0, .1, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .2, .20, .21, .22, .23, .24, .25, .26, .27, .28, .29, .3, .30, .31, .32, .33, .34, .35, .36, .37, .38, .39, .4, .40, .41, .42, .43, .44, .45, .46, .47, .48, .49, .5, .50, .51, .52, .53, .54, .55, .56, .57, .58, .59, .6, .60, .61, .62, .7, .8, .9 | 2.6.17 .0, .1, .10, .11, .12, .13, .14, .2, .3, .4, .5, .6, .7, .8, .9 | 2.6.18 .0, .1, .2, .3, .4, .5, .6, .7, .8 | 2.6.19 .0, .1, .2, .3, .4, .5, .6, .7 | 2.6.2 .0 | 2.6.20 .0, .1, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .2, .20, .21, .3, .4, .5, .6, .7, .8, .9 | 2.6.21 .0, .1, .2, .3, .4, .5, .6, .7 | 2.6.22 .0, .1, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .2, .3, .4, .5, .6, .7, .8, .9 | 2.6.23 .0, .1, .10, .11, .12, .13, .14, .15, .16, .17, .2, .3, .4, .5, .6, .7, .8, .9 | 2.6.24 .0, .1, .2, .3, .4, .5, .6, .7 | 2.6.25 .0, .1, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .2, .20, .3, .4, .5, .6, .7, .8, .9 | 2.6.26 .0, .1, .2, .3, .4, .5, .6, .7 | 2.6.27 .0, .1, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .2, .20, .21, .3, .4, .5, .6, .7, .8, .9 | 2.6.28 .0, .1, .2, .3, .4, .5, .6, .7, .8, .9 | 2.6.29 .0, .1, .2, .3 | 2.6.3 .0 | 2.6.30 .1, .2, .3, .4, Base | 2.6.4 .0 | 2.6.5 .0 | 2.6.6 .0 | 2.6.7 .0 | 2.6.8 .0, .1 | 2.6.9 .0

Associated Products:
Red Hat, Inc. Red Hat Desktop: 3 i386, x86_64
Red Hat, Inc. Red Hat Enterprise Linux Advanced Server: 3 PPC, amd64 (x86_64), athlon, em64t (ia32e), i386, i686, ia64, ppc64, s390, s390x
Red Hat, Inc. Red Hat Enterprise Linux Enterprise Server: 3 amd64 (x86_64), i386, ia64
Red Hat, Inc. Red Hat Enterprise Linux Workstation: 3 amd64 (x86_64), i386, ia64
Red Hat, Inc. Red Hat Enterprise MRG for Enterprise Linux: 1 ia-32, x86_64


