Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities

Bugtraq ID:	23162
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 27 2007 12:00AM
Updated:	May 25 2007 04:21PM
Credit:	Robert Swiecki <[email protected]> discovered these vulnerabilities.
Vulnerable:	Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Linux kernel 2.6.20 .4 Linux kernel 2.6.20 .1 Linux kernel 2.6.20 Linux kernel 2.6.20.3 Linux kernel 2.6.20.2
Not Vulnerable:

Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities

The Linux kernel is prone to multiple vulnerabilities in its DCCP support. Exploiting these issues can allow local attackers to access privileged information.

An attacker may be able to obtain sensitive data that can potentially aid in further attacks.

Linux Kernel versions in the 2.6.20 and later branch are vulnerable to these issues.

Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities

The following exploits are available:

• /data/vulnerabilities/exploits/23162-2.c
• /data/vulnerabilities/exploits/23162.c

Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities

Solution:
A fix is available to address this issue. Please see the references for more information.

Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities

References:

• Linux Homepage (Linux)
  
• Linux Kernel DCCP Memory Disclosure Vulnerability (Arnaldo Carvalho de Melo)
  
• Linux Kernel DCCP Memory Disclosure Vulnerability (Robert Swiecki )