September 11, 2005

Linux Kernel "raw_sendmsg()" and "sendmsg()" Local Vulnerabilities

Technical Description *

Two vulnerabilities were identified in Linux Kernel, which could be exploited by local attackers to obtain elevated privileges, cause a denial of service, or disclose sensitive information.

The first issue is due to an error in "raw_sendmsg()", which could be exploited by local attackers to disclose the contents of kernel memory or cause a denial of service by manipulating hardware state.

The second flaw is due to a buffer overflow error in "sendmsg()" when copying 32bit "msg_control" contents to kernel, which could be exploited by local attackers to execute arbitrary commands with "root" privileges.

Link: FrSirt

Click Here!