Vigil@nce - Linux kernel: memory reading via UNAME26
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the UNAME26 personality, in order to read a
fragment of kernel memory.
Impacted products: Linux
Severity: 1/4
Creation date: 10/10/2012
DESCRIPTION OF THE VULNERABILITY
The personality() function is used to change the behavior of the
system. The UNAME26 personality indicates to return information in
uname() which are in the format of kernel version 2.6
The override_release() function of file kernel/sys.c obtains the
Release name. However, in UNAME26 mode, this function does not
initialize a memory area. The uname() function then returns a
memory area coming from the kernel.
An attacker can therefore use the UNAME26 personality, in order to
read a fragment of kernel memory.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-reading-via-UNAME26-12051