Linux Kernel copy_user() IA32 Emulation Bug Discloses Information to Local Users
|
|
SecurityTracker Alert ID: 1020367
|
|
SecurityTracker URL: http://securitytracker.com/id?1020367
|
|
CVE Reference: CVE-2008-0598
(Links to External Site)
|
Date: Jun 26 2008
|
Impact: Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.6
|
Description: A vulnerability was reported in the Linux Kernel. A local user can obtain potentially sensitive information.
The copy_user() function on linux x86_64 systems when in ia32 emulation does not properly initialize memory. A local user can exploit
this to obtain potentially sensitive data from uninitialized memory.
Tavis Ormandy reported this vulnerability.
|
Impact: A local user can obtain potentially sensitive information.
|
Solution: The vendor has issued a fix.
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandriva/Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 25 Jun 2008 23:59:13 -0400
Subject: Linux Kernel
|
Red Hat:
* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local unprivileged user to prepare and
run a specially crafted binary, which would use this deficiency to leak
uninitialized and potentially sensitive data. (CVE-2008-0598, Important)
|
|
