Linux kernel setsockopt mcast

xiaoxiao2021-03-06  54

Linux kernel setsockopt mcast_msfilter integer overflow vulnerability

Vulnerability Description:

Linux Kernel contains ip_setsockopt () existence of integer overflow, local attackers can use this vulnerability to improve permissions, get root privileges. The ip_setsockopt () function is a subfunction of the setsockopt (2) system call, which allows you to operate multiple IP socket options, MCAST_MSFILTERs are used to provide a list of multicast addresses received from the socket. There is an integer overflow in the IP_MSFilter_SIZE macro calculation.

Impact system: Linux kernel setsockopt mcast_msfilter

Linux kernel 2.6.1linux kernel 2.6.2linux kernel 2.6.3linux kernel 2.4.22linux kernel 2.4.24linux kernel 2.4.25

Does not affect the system:

Linux kernel 2.4.26linux kernel 2.6.4

Attack code: (This vulnerability code exists in the NET / IPv4 / IP_SOCKGLUE.C file)

Case MCAST_MSFILTER: {/ * ... * / msize = ip_msfilter_size (GSF-> gf_numsrc); MSF = (struct ip_msfilter *) kmalloc (msize, gfp_kernel); / * ... * / for (i = 0; i

GF_NUMSRC; i) {

PSIN = (struct sockaddr_in *) & gsf-> gf_slist [i];

IF (psin-> sin_family! = af_INet)

GTO MC_MSF_OUT;

MSF-> IMSF_SLIST [I] = psin-> sin_addr.s_addr;

}

Whereas the ip_msfilter_size macro is Defined As Follows:

#define ip_msfilter_size (NUMSRC) / (SIZEOF (Struct IP_MSFILTER) - SIZEOF (__ U32) / (Numsrc) * Sizeof (__ u32))

Security recommendations:

Download Linux Kernel 2.4.26 and 2.6.4 Safety Patch: http://www.kernel.org

转载请注明原文地址:https://www.9cbs.com/read-116680.html

New Post(0)