SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware
Vendors:   VMware
(VMware Issues Fix) Linux Kernel 64-bit to 32-bit File Offset Conversion Errors Disclose Kernel Memory to Local Users
SecurityTracker Alert ID:  1012917
SecurityTracker URL:  http://securitytracker.com/id/1012917
CVE Reference:   CVE-2004-0415
Date:  Jan 18 2005
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in the Linux kernel in the processing of 64-bit file offset pointers. A local user can view kernel memory. VMware is affected.

Paul Starzetz reported that the kernel's file handling API does not properly convert 64-bit file offsets to 32-bit file offsets. In addition, the kernel provides insecure access to the file offset member variable. As a result, a local user can gain read access to large portions of kernel memory.

It is reported that most of the /proc entries (such as /proc/version) leak approximately one page of uninitialized kernel memory.

Improper conversions were identified in dozens of places within the code.

The original advisory is available at:

http://isec.pl/vulnerabilities/isec-0016-procleaks.txt
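
The bug class described above, as an added example that is not code from the kernel or from the original advisory: a constructed, simplified read handler that narrows a 64-bit offset before its bounds check, next to a version that validates the full value first. The function names, the 16-byte buffer, and the sample offset are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a read handler serving a 16-byte buffer.
 * It only plans the copy (start index, length); it never touches memory. */
#define DATA_LEN 16

/* Flawed pattern: the 64-bit offset is narrowed to 32 bits before the
 * bounds check, so a large positive offset can become a negative index. */
long plan_read_narrowed(int64_t pos, size_t count, long *start)
{
    int32_t off = (int32_t)(uint32_t)pos;   /* keeps only the low 32 bits */
    if (off >= DATA_LEN)
        return 0;                           /* treated as end of file */
    long avail = (long)DATA_LEN - off;      /* negative off inflates avail */
    *start = off;
    return (long)count < avail ? (long)count : avail;
}

/* Hardened pattern: validate the full 64-bit value, then narrow. */
long plan_read_checked(int64_t pos, size_t count, long *start)
{
    if (pos < 0)
        return -1;                          /* reject, as -EINVAL would */
    if (pos >= DATA_LEN)
        return 0;                           /* genuine end of file */
    size_t avail = DATA_LEN - (size_t)pos;
    *start = (long)pos;
    return (long)(count < avail ? count : avail);
}

int main(void)
{
    int64_t pos = 0xFFFFF000LL;             /* constructed sample offset */
    long start = 0;
    long n = plan_read_narrowed(pos, 4096, &start);
    printf("narrowed: copy %ld bytes from index %ld\n", n, start);
    start = 0;
    n = plan_read_checked(pos, 4096, &start);
    printf("checked:  copy %ld bytes from index %ld\n", n, start);
    return 0;
}
```

When auditing code for this pattern, look for 64-bit offset values assigned to `int` or `unsigned` variables ahead of any range check; compiling with `-Wconversion` flags many of these narrowing assignments.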

Impact:   A local user can read large portions of kernel memory.
Solution:   VMware has issued a fix for the VMware ESX Server.

VMware ESX Server 2.1.2 Security Update:

http://www.vmware.com/download/esx/esx212-10921update.html


VMware ESX Server 2.0.1 Patch 1 Security Update:

http://www.vmware.com/download/esx/esx201-11429update.html

VMware ESX Server 1.5.2 Patch 6 Security Update:

http://www.vmware.com/download/esx/esx152-10816update.html

Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Aug 4 2004 Linux Kernel 64-bit to 32-bit File Offset Conversion Errors Disclose Kernel Memory to Local Users




Copyright 2019, SecurityGlobal.net LLC