Linux Kernel Setsockopt MCAST_MSFILTER Integer Overflow Vulnerability
BID:10179
Info
Linux Kernel Setsockopt MCAST_MSFILTER Integer Overflow Vulnerability
| Bugtraq ID: | 10179 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0424 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 20 2004 12:00AM |
| Updated: | May 25 2007 11:21PM |
| Credit: | Paul Starzetz is credited with initial discovery and Wojciech Purczynski is credited with followup research. |
| Vulnerable: |
Slackware Linux 9.1 Slackware Linux -current SGI ProPack 3.0 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.4.25 Linux kernel 2.4.24 -ow1 Linux kernel 2.4.24 Linux kernel 2.4.23 -pre9 Linux kernel 2.4.23 -ow2 Linux kernel 2.4.23 Linux kernel 2.4.22 |
| Not Vulnerable: |
Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.4.26 |
Discussion
Linux Kernel Setsockopt MCAST_MSFILTER Integer Overflow Vulnerability
An integer-overflow vulnerability has been reported in the 'setsockopt()' system call. This was introduced as of the 2.4.22/2.6.1 kernel releases.
The specific issue resides in the 'net/ipv4/ip_sockglue.c' source file and is present in the 'ip_setsockopt()' subroutine of the 'setsockopt()' system call. Within this subroutine, an integer overflow occurs within the IP_MSFILTER_SIZE macro, which is used when setting the MCAST_MSFILTER socket option.
A local attacker may exploit this issue to compromise the system or cause a denial of service. Note that this type of vulnerability may provide a generic means of privilege escalation across Linux distributions after a remote attacker has gained unauthorized access as a lower-privileged user.
An integer-overflow vulnerability has been reported in the 'setsockopt()' system call. This was introduced as of the 2.4.22/2.6.1 kernel releases.
The specific issue resides in the 'net/ipv4/ip_sockglue.c' source file and is present in the 'ip_setsockopt()' subroutine of the 'setsockopt()' system call. Within this subroutine, an integer overflow occurs within the IP_MSFILTER_SIZE macro, which is used when setting the MCAST_MSFILTER socket option.
A local attacker may exploit this issue to compromise the system or cause a denial of service. Note that this type of vulnerability may provide a generic means of privilege escalation across Linux distributions after a remote attacker has gained unauthorized access as a lower-privileged user.
Exploit / POC
Linux Kernel Setsockopt MCAST_MSFILTER Integer Overflow Vulnerability
A working exploit has been developed by one of the individuals who researched this vulnerability. This exploit is not publicly available or known to be circulating in the wild.
The following proof-of-concept and exploit codes are avaialble:
A working exploit has been developed by one of the individuals who researched this vulnerability. This exploit is not publicly available or known to be circulating in the wild.
The following proof-of-concept and exploit codes are avaialble:
Solution / Fix
Linux Kernel Setsockopt MCAST_MSFILTER Integer Overflow Vulnerability
Solution:
This issue has been addressed in the 2.4.26 and 2.6.4 kernel releases. Please see the references for more information.
Linux kernel 2.4.22
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.25
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.2
Linux kernel 2.6.3
Solution:
This issue has been addressed in the 2.4.26 and 2.6.4 kernel releases. Please see the references for more information.
Linux kernel 2.4.22
-
Fedora kernel-2.4.22-1.2188.nptl.athlon.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /kernel-2.4.22-1.2188.nptl.athlon.rpm -
Fedora kernel-2.4.22-1.2188.nptl.i586.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /kernel-2.4.22-1.2188.nptl.i586.rpm -
Fedora kernel-2.4.22-1.2188.nptl.i686.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /kernel-2.4.22-1.2188.nptl.i686.rpm -
Fedora kernel-2.4.22-1.2188.nptl.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/kernel-2.4.22-1.2188.nptl.x86_64.rpm -
Fedora kernel-BOOT-2.4.22-1.2188.nptl.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /kernel-BOOT-2.4.22-1.2188.nptl.i386.rpm -
Fedora kernel-debuginfo-2.4.22-1.2188.nptl.athlon.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/kernel-debuginfo-2.4.22-1.2188.nptl.athlon.rpm -
Fedora kernel-debuginfo-2.4.22-1.2188.nptl.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/kernel-debuginfo-2.4.22-1.2188.nptl.i386.rpm -
Fedora kernel-debuginfo-2.4.22-1.2188.nptl.i586.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/kernel-debuginfo-2.4.22-1.2188.nptl.i586.rpm -
Fedora kernel-debuginfo-2.4.22-1.2188.nptl.i686.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/kernel-debuginfo-2.4.22-1.2188.nptl.i686.rpm -
Fedora kernel-debuginfo-2.4.22-1.2188.nptl.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/debug/kernel-debuginfo-2.4.22-1.2188.nptl.x86_64.rpm -
Fedora kernel-doc-2.4.22-1.2188.nptl.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /kernel-doc-2.4.22-1.2188.nptl.i386.rpm -
Fedora kernel-doc-2.4.22-1.2188.nptl.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/kernel-doc-2.4.22-1.2188.nptl.x86_64.rpm -
Fedora kernel-smp-2.4.22-1.2188.nptl.athlon.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /kernel-smp-2.4.22-1.2188.nptl.athlon.rpm -
Fedora kernel-smp-2.4.22-1.2188.nptl.i686.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /kernel-smp-2.4.22-1.2188.nptl.i686.rpm -
Fedora kernel-smp-2.4.22-1.2188.nptl.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/kernel-smp-2.4.22-1.2188.nptl.x86_64.rpm -
Fedora kernel-source-2.4.22-1.2188.nptl.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /kernel-source-2.4.22-1.2188.nptl.i386.rpm -
Fedora kernel-source-2.4.22-1.2188.nptl.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/kernel-source-2.4.22-1.2188.nptl.x86_64.rpm -
Linux linux-2.4.26.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2 -
Mandrake kernel-2.4.22.30mdk-1-1mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-2.4.22.30mdk-1-1mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-enterprise-2.4.22.30mdk-1-1mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-p3-smp-64GB-2.4.22.30mdk-1-1mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-secure-2.4.22.30mdk-1-1mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-secure-2.4.22.30mdk-1-1mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-smp-2.4.22.30mdk-1-1mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-smp-2.4.22.30mdk-1-1mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-source-2.4.22-30mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-source-2.4.22-30mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Slackware alsa-driver-0.9.8-i486-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/a lsa-driver-0.9.8-i486-3.tgz -
Slackware hotplug-2004_01_05-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/h otplug-2004_01_05-noarch-1.tgz -
Slackware kernel-headers-2.4.26-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/k ernel-headers-2.4.26-i386-1.tgz -
Slackware kernel-ide-2.4.26-i486-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/k ernel-ide-2.4.26-i486-2.tgz -
Slackware kernel-modules-2.4.26-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/k ernel-modules-2.4.26-i486-1.tgz -
Slackware kernel-source-2.4.26-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/k ernel-source-2.4.26-noarch-1.tgz
Linux kernel 2.4.23 -pre9
-
Linux linux-2.4.26.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
Linux kernel 2.4.23 -ow2
-
Linux linux-2.4.26.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
Linux kernel 2.4.23
-
Linux linux-2.4.26.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
Linux kernel 2.4.24 -ow1
-
Linux linux-2.4.26.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
Linux kernel 2.4.24
-
Linux linux-2.4.26.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2
Linux kernel 2.4.25
-
Linux linux-2.4.26.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.26.tar.bz2 -
Mandrake kernel-2.4.25.4mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-enterprise-2.4.25.4mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-i686-up-4GB-2.4.25.4mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-p3-smp-64GB-2.4.25.4mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-smp-2.4.25.4mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-source-2.4.25-4mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
Linux kernel 2.6.1 -rc2
-
Linux linux-2.6.5.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.5.tar.bz2
Linux kernel 2.6.1 -rc1
-
Linux linux-2.6.5.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.5.tar.bz2
Linux kernel 2.6.2
-
Linux linux-2.6.5.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.5.tar.bz2
Linux kernel 2.6.3
-
Linux linux-2.6.5.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.5.tar.bz2 -
Mandrake kernel-2.6.3.9mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-enterprise-2.6.3.9mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-i686-up-4GB-2.6.3.9mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-p3-smp-64GB-2.6.3.9mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-secure-2.6.3.9mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-smp-2.6.3.9mdk-1-1mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-source-2.6.3-9mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake kernel-source-stripped-2.6.3-9mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
References
Linux Kernel Setsockopt MCAST_MSFILTER Integer Overflow Vulnerability
References:
References:
- RHSA-2004:183-03 - Updated kernel packages fix security vulnerabilities (RedHat)
- Linux kernel setsockopt MCAST_MSFILTER integer overflow (Wojciech Purczynski
)