The Linux kernel 2.6.0 up to and including 2.6.30.4, and 2.4.4 up to and including 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
debian debian linux 4.0 |
||
suse linux enterprise real time 10 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux desktop 4.0 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux server 4.0 |
||
redhat enterprise linux workstation 4.0 |
||
redhat enterprise linux server aus 5.3 |
||
redhat enterprise linux eus 5.3 |
||
redhat enterprise linux eus 4.8 |