SecurityTracker.com
Category:  OS (Linux)  >  Linux Kernel
Vendors:  kernel.org
Linux Kernel AMD64 Memory Copy Bug Lets Local Users View Memory Contents
SecurityTracker Alert ID:  1020364
SecurityTracker URL:  http://securitytracker.com/id?1020364
CVE Reference:  CVE-2008-2729
Date:  Jun 26 2008
Impact:  Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.6.19
Description:  A vulnerability was reported in the Linux Kernel. A local user can view potentially sensitive memory contents.

The __copy_from_user_inatomic() function on certain AMD64-based systems does not properly initialize the destination memory location when copying kernel memory. A local user can exploit this to view potentially sensitive information.
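
The failure mode described above, modeled in user-space C as an added example (not the kernel's code or the vendor's patch): a copy that faults partway leaves the previous contents in the uncopied tail of the destination unless the routine zeroes it. The function names, the 0xAA stale pattern and the fault offset are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model of a copy that faults partway: only the first `readable` bytes of
 * src are accessible. Returns the number of bytes NOT copied. */
static size_t copy_until_fault(unsigned char *dst, const unsigned char *src,
                               size_t len, size_t readable)
{
    size_t done = len < readable ? len : readable;
    memcpy(dst, src, done);
    return len - done;
}

/* Flawed behaviour: after a short copy, the tail of dst keeps its old bytes. */
size_t copy_no_zero(unsigned char *dst, const unsigned char *src,
                    size_t len, size_t readable)
{
    return copy_until_fault(dst, src, len, readable);
}

/* Corrected behaviour: zero the uncopied tail before reporting the failure. */
size_t copy_zero_tail(unsigned char *dst, const unsigned char *src,
                      size_t len, size_t readable)
{
    size_t left = copy_until_fault(dst, src, len, readable);
    if (left)
        memset(dst + (len - left), 0, left);
    return left;
}

/* Run one 16-byte copy that faults after 6 bytes into a buffer holding
 * constructed stale data (0xAA); return how many stale bytes survive. */
size_t stale_after_copy(int zero_tail)
{
    unsigned char dst[16];
    const unsigned char src[16] = "userdata";   /* constructed input */
    size_t stale = 0;
    memset(dst, 0xAA, sizeof dst);              /* previous buffer contents */
    (zero_tail ? copy_zero_tail : copy_no_zero)(dst, src, sizeof dst, 6);
    for (size_t i = 0; i < sizeof dst; i++)
        stale += (dst[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("no zeroing: %zu stale bytes\n", stale_after_copy(0));
    printf("zero tail:  %zu stale bytes\n", stale_after_copy(1));
}
```

A caller that ignores the short-copy return value and later hands the buffer back to the requester exposes whatever the stale tail held, which is why the zeroing belongs in the copy routine itself.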

Impact:  A local user can view potentially sensitive memory contents.
Solution:  The vendor has issued a fix, available at:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff

Vendor URL:  www.kernel.org/
Cause:  Access control error
Underlying OS:  Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandriva/Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 26 2008 (Red Hat Issues Fix) Linux Kernel AMD64 Memory Copy Bug Lets Local Users View Memory Contents   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 5.
Jun 26 2008 (Red Hat Issues Fix) Linux Kernel AMD64 Memory Copy Bug Lets Local Users View Memory Contents   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 4.
Aug 27 2008 (Red Hat Issues Fix) Linux Kernel AMD64 Memory Copy Bug Lets Local Users View Memory Contents   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 5.



 Source Message Contents

Date:  Wed, 25 Jun 2008 14:48:03 -0400
Subject:  Linux Kernel

 
 
Red Hat:
 
* A security flaw was found in the Linux kernel memory copy routines, when
running on certain AMD64 systems. If an unsuccessful attempt to copy kernel
memory from source to destination memory locations occurred, the copy
routines did not zero the content at the destination memory location. This
could allow a local unprivileged user to view potentially sensitive data.
(CVE-2008-2729, Important)
 
 



Copyright 2007, SecurityGlobal.net LLC