IBM AIX versions 5.3, 6.1 and 7.1 releases VIOS 2.2.* suffer from kernel memory leak and denial of service vulnerabilities. It has been identified that the ptrace() system call can be manipulated by an unprivileged user into leaking uninitialized kernel memory and that the method by which this is achieved may also lead to a denial of service condition. This can be achieved by manipulating the parameters that are passed to the ptrace() system call when performing the PT_LDINFO operation. By calling ptrace(PT_LDINFO, childpid, leakbuffer, maximumleak, NULL) with a value of maximumleak that greater than that required for the expected result of the PT_LDINFO operation, the AIX kernel will xmalloc() this space (without initializing it), populate it and then perform a copy operation that returns the result within leakbuffer.
326046758c80dfd7a90603cb6033621d1db225d4cc2532b1585420f2b0419948
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed