Linux Kernel "drivers/scsi/gdth. c" IOCTL Local Privilege Escalation Vulnerability

Linux Kernel "drivers/scsi/gdth. c" IOCTL Local Privilege Escalation Vulnerability

Release date:
Updated on:

Affected Systems:
Linux kernel 2.6.0-2.6.37
Description:
--------------------------------------------------------------------------------
Bugtraq id: 44648
Cve id: CVE-2010-4157

Linux Kernel is the Kernel used by open source Linux.

Linux Kernel has a vulnerability in implementation. Attackers can exploit this vulnerability to execute arbitrary code at the Kernel level and completely control the affected computers.

This vulnerability is caused by an integer overflow error in ioctl.

<* Source: Dan Carpenter (error27@gmail.com)

*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Dan Carpenter (error27@gmail.com) provides the following test methods:

--- A/drivers/scsi/gdth. c ++ B/drivers/scsi/gdth. c @-Route 7, 6 + Route 7, 14 @ static int ioc_general (void _ user * arg, char * cmnd) ha = gdth_find_ha (gen. ionode); if (! Ha) return-EFAULT; ++ if (gen. data_len> INT_MAX) + return-EINVAL; + if (gen. sense_len> INT_MAX) + return-EINVAL; + if (gen. data_len + gen. sense_len> INT_MAX) + return-EINVAL; + if (gen. data_len + gen. sense_len! = 0) {if (! (Buf = gdth_ioctl_alloc (ha, gen. data_len + gen. sense_len, FALSE, & paddr )))

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.kernel.org/