vendor: Linux Kernel
by: dreyer
CVSS: 5.5 MEDIUM
Memory Leak
CWE: 415
Product Name: Linux Kernel
Affected Version From: Linux Kernel < 2.6.20.2
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2007-1000
CPE: o:linux:linux_kernel
Platforms Tested:
2007
Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Proof Of Concept
This proof-of-concept code demonstrates a memory leak vulnerability in the Linux Kernel. It dumps the memory mapped between the INI and END addresses. The vulnerability is based on a NULL pointer dereference and can be exploited to read arbitrary memory. The code sets np->opt to NULL through IPV6_2292PKTOPTIONS and then maps a memory region at address 0x00000000. It then sets ptr to point to np->opt->hopopt and iterates through the memory addresses between INIADDR and ENDADDR, retrieving the chunks pointed to by hopopt through getsockopt IPV6_DSTOPTS and printing them to stdout.
Mitigation:
Upgrade to Linux Kernel version 2.6.20.2 or later.