440782 – Kernel : "uname()" Kernel Memory Disclosure Weakness (CVE-2012-0957)

Bug 440782 - Kernel : "uname()" Kernel Memory Disclosure Weakness (CVE-2012-0957)

Summary: Kernel : "uname()" Kernel Memory Disclosure Weakness (CVE-2012-0957)

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-11-01 16:41 UTC by Agostino Sarubbo
Modified:	2018-04-04 18:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2012-11-01 16:41:49 UTC

From https://secunia.com/advisories/50895/ :

Description
A weakness has been reported in Linux Kernel, which can be exploited by malicious, local users to 
disclose potentially sensitive system information.

The weakness is caused due to an error when populating the system information structure as a result 
of the "uname()" system call. This can be exploited to disclose some kernel stack-based memory via 
the UNAME26 execution domain.


Solution
Update to a fixed version if available.
Further details available in Customer Area

Provided and/or discovered by
Reported by Brad Spengler via a patch.

Changelog
Further details available in Customer Area

Original Advisory
https://lkml.org/lkml/2012/10/9/550
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.49
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.33

Comment 1 Aaron Bauman (RETIRED) gentoo-dev

2018-04-04 18:14:30 UTC

There are no longer any 2.x or <3.4.16 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.