CVE-2008-5079

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2008-5079 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Hugo Dias.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2008-5079

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Linux kernel version 2.6.x

A vulnerability exists in Linux Kernel which can be exploited by malicious users to cause a Denial of Service.

It seems that calling the svc_listen function in 'net/atm/svc.c' twice on same socket, will create unassigned PVC/SVC entries, despite returning EUNATCH.

This entries are visible using proc filesystem.

#cat /proc/net/atm/vc
Address Itf ...
c7f34400 Unassigned ...
c7f34400 Unassigned ...
c7f34400 Unassigned ...
.......

The code in 'net/atm/proc.c', responsible for displaying this info, can't handle the unassigned entries. Kernel will freeze with infinite loop in 'proc.c' if we cat '/proc/net/atm/pvc' :

net/atm/proc.c:

074 static inline int compare_family(struct sock *sk, int family)
073 {
074 return !family || (sk->sk_family == family);
075 }

091 try_again:
092 for (; sk; sk = sk_next(sk)) {
093 l -= compare_family(sk, family); <<<<<<<<<
094 if (l < 0)
095 goto out;
096 }

CVE Information:
CVE-2008-5079

Patch:
http://marc.info/?l=linux-netdev&m=122841256115780&w=2

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus