| Summary: | Kernel : ping: NULL pointer dereference on write to msg_name (CVE-2013-6432) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | kernel |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1039046 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
CVE-2013-6432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6432): The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application. Fix in 3.12.4 |
From ${URL} : Linux kernel built with the TCP/IP networking support(CONFIG_NET) is vulnerable to a NULL pointer dereference flaw. It could occur via a plain read(2) call on a ping socket. Usage of ping sockets is generally restricted to privileged users. A user/program able to read from ping sockets could use this flaw to crash a system resulting in DoS. Upstream fix: ------------- -> https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0