Published: 29 November 2010
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
From the Ubuntu security team
Dan Rosenberg discovered that IPC structures were not correctly initialized on 64bit systems. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy.
|jdstrand||dapper_linux-source-2.6.15 was marked as pending, but it was not included in 2.6.15-57.94. Marking as needed.|