Linux kernel setsockopt MCAST_MSFILTER integer overflow vulnerability
Vulnerability Description:
The Linux kernel's ip_setsockopt() function contains an integer overflow. A local attacker can use this vulnerability to escalate privileges and obtain root. ip_setsockopt() is a subfunction of the setsockopt(2) system call and handles the various IP socket options; the MCAST_MSFILTER option is used to provide a list of multicast addresses to be received on the socket. The integer overflow occurs in the calculation performed by the IP_MSFILTER_SIZE macro.
Affected systems:
Linux kernel 2.6.1
Linux kernel 2.6.2
Linux kernel 2.6.3
Linux kernel 2.4.22
Linux kernel 2.4.24
Linux kernel 2.4.25
Unaffected systems:
Linux kernel 2.4.26
Linux kernel 2.6.4
Vulnerable code (located in net/ipv4/ip_sockglue.c):
case MCAST_MSFILTER:
{
    /* ... */
    /* msize wraps around when gf_numsrc is large enough */
    msize = IP_MSFILTER_SIZE(gsf->gf_numsrc);
    msf = (struct ip_msfilter *)kmalloc(msize, GFP_KERNEL);
    /* ... */
    /* the loop still runs gf_numsrc times and writes past the allocation */
    for (i = 0; i < gsf->gf_numsrc; ++i) {
        psin = (struct sockaddr_in *)&gsf->gf_slist[i];
        if (psin->sin_family != AF_INET)
            goto mc_msf_out;
        msf->imsf_slist[i] = psin->sin_addr.s_addr;
    }
The IP_MSFILTER_SIZE macro is defined as follows:
#define IP_MSFILTER_SIZE(numsrc) \
    (sizeof(struct ip_msfilter) - sizeof(__u32) \
    + (numsrc) * sizeof(__u32))
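The wrap in this size calculation, worked through in user-space C next to a bounds-checked form. This is an added example, not kernel code and not the actual patch; struct msfilter32, both function names and the max_src cap are assumptions made for illustration, and the arithmetic is done in 32 bits as on a 32-bit kernel.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for struct ip_msfilter on a 32-bit kernel:
 * four 32-bit header fields plus a one-element source list (20 bytes). */
struct msfilter32 {
    uint32_t multiaddr, interface, fmode, numsrc;
    uint32_t slist[1];
};

/* The macro from the page, evaluated in 32-bit unsigned arithmetic. */
static uint32_t msfilter_size_unchecked(uint32_t numsrc)
{
    return (uint32_t)sizeof(struct msfilter32) - (uint32_t)sizeof(uint32_t)
           + numsrc * (uint32_t)sizeof(uint32_t);
}

/* Hardened form (illustrative): stores the size and returns 0, or returns -1
 * when numsrc exceeds the caller's cap or the multiplication would wrap. */
static int msfilter_size_checked(uint32_t numsrc, uint32_t max_src,
                                 uint32_t *out)
{
    const uint32_t hdr = sizeof(struct msfilter32) - sizeof(uint32_t);

    if (numsrc > max_src)
        return -1;
    if (numsrc > (UINT32_MAX - hdr) / sizeof(uint32_t))
        return -1;
    *out = hdr + numsrc * (uint32_t)sizeof(uint32_t);
    return 0;
}

int main(void)
{
    /* Constructed sample values: one ordinary count, one that wraps. */
    const uint32_t samples[] = { 4u, 0x40000000u };
    uint32_t size;

    for (unsigned i = 0; i < 2; i++) {
        int rc = msfilter_size_checked(samples[i], UINT32_MAX, &size);
        printf("numsrc=%#x unchecked=%u bytes, checked=%s\n",
               (unsigned)samples[i],
               (unsigned)msfilter_size_unchecked(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

With the wrapping count the unchecked result equals the size of an empty filter, so the allocation no longer matches the number of entries the copy loop writes.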
Security recommendations:
Download the Linux kernel 2.4.26 and 2.6.4 security patches: http://www.kernel.org