Your submission was sent successfully! Close

CVE-2009-0676

Published: 22 February 2009

The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

From the Ubuntu security team

The getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy.

Notes

AuthorNote
mdeslaur
PoC: http://patchwork.kernel.org/patch/6816/
Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy
Released (2.6.24-23.52)
intrepid
Released (2.6.27-11.31)
upstream
Released (2.6.29~rc5)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-54.76)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream
Released (2.6.29~rc5)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy
Released (2.6.22-16.62)
hardy Does not exist

intrepid Does not exist

upstream
Released (2.6.29~rc5)