Vulnerability Note VU#604846
sendfile() system call may leak sections of kernel memory
Overview
The sendfile() system call does not handle specially crafted files properly. Exploitation of this vulnerability may leak sensitive information to a local attacker.
I. Description
The sendfile() system call is used to send a file through a socket without copying the file data into memory. A vulnerability exists in certain implementations of sendfile() that may allow an attacker to view sensitive kernel memory. If sendfile() is supplied a file that is then truncated during transmission, sendfile() may send sections of kernel memory through the socket. The contents of the leaked memory depend on what programs or files have recently been loaded and/or executed.
II. Impact
A local attacker may be able to view sections of kernel memory that contain sensitive information. For instance, it may be possible for an attacker to gain access to authentication information, such as passwords and usernames.
III. Solution
Check with Vendor
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take. Please see the list of vendors we have notified below.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| Apple Computer, Inc. | Not Vulnerable | 21-Apr-2005 |
| Cray Inc. | Unknown | 7-Apr-2005 |
| Debian Linux | Unknown | 7-Apr-2005 |
| EMC Corporation | Unknown | 7-Apr-2005 |
| Engarde | Unknown | 7-Apr-2005 |
| F5 Networks, Inc. | Not Vulnerable | 10-Jan-2006 |
| FreeBSD, Inc. | Vulnerable | 13-Apr-2005 |
| Fujitsu | Unknown | 7-Apr-2005 |
| Hewlett-Packard Company | Unknown | 7-Apr-2005 |
| Hitachi | Unknown | 7-Apr-2005 |
| IBM Corporation | Unknown | 7-Apr-2005 |
| IBM eServer | Unknown | 7-Apr-2005 |
| IBM zSeries | Unknown | 7-Apr-2005 |
| Immunix | Unknown | 7-Apr-2005 |
| Ingrian Networks, Inc. | Unknown | 7-Apr-2005 |
| Juniper Networks, Inc. | Unknown | 7-Apr-2005 |
| Mandriva, Inc. | Unknown | 7-Apr-2005 |
| Mandriva, Inc. | Unknown | 7-Apr-2005 |
| Microsoft Corporation | Not Vulnerable | 18-Apr-2005 |
| MontaVista Software, Inc. | Unknown | 7-Apr-2005 |
| NEC Corporation | Unknown | 7-Apr-2005 |
| NetBSD | Unknown | 7-Apr-2005 |
| Nokia | Unknown | 7-Apr-2005 |
| Novell, Inc. | Unknown | 7-Apr-2005 |
| OpenBSD | Unknown | 7-Apr-2005 |
| OpenBSD | Not Vulnerable | 6-Apr-2005 |
| Openwall GNU/*/Linux | Unknown | 7-Apr-2005 |
| Quality | Not Vulnerable | 28-Apr-2005 |
| Red Hat, Inc. | Unknown | 24-Aug-2005 |
| Red Hat, Inc. | Not Vulnerable | 23-Aug-2005 |
| Sequent Computer Systems, Inc. | Unknown | 7-Apr-2005 |
| SGI | Unknown | 7-Apr-2005 |
| Sony Corporation | Unknown | 7-Apr-2005 |
| Sun Microsystems, Inc. | Unknown | 7-Apr-2005 |
| SUSE Linux | Unknown | 7-Apr-2005 |
| The SCO Group (SCO Linux) | Unknown | 7-Apr-2005 |
| The SCO Group (SCO Unix) | Unknown | 7-Apr-2005 |
| TurboLinux | Not Vulnerable | 28-Apr-2005 |
| Unisys | Unknown | 7-Apr-2005 |
| Wind River Systems, Inc. | Unknown | 7-Apr-2005 |
References
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc
Credit
Thanks to Marc Olzheim for reporting this vulnerability.
This document was written by Jeff Gennari.
Other Information
| Date Public: | 2005-04-20 |
| Date First Published: | 2005-04-20 |
| Date Last Updated: | 2006-01-10 |
| CERT Advisory: | |
| CVE-ID(s): | CAN-2005-0708 |
| NVD-ID(s): | CAN-2005-0708 |
| US-CERT Technical Alerts: | |
| Metric: | 0.76 |
| Document Revision: | 62 |
If you have feedback, comments, or additional information about this vulnerability, please send us email.