J-Security Center

Title: Linux sysctl() Kernel Memory Reading Vulnerability

Severity: MODERATE

Description:

A problem has been discovered in the sysctl() system call of the Linux Kernel.

sysctl() was originally derived from the 4.4 BSD implementation and was adopted into the Linux Kernel in an early version. The first release of the Linux Kernel to contain the sysctl call was 1.3.57. The sysctl system call is mirrored by the /proc/sys file system, which contains files for a number of the objects that can be controlled by the system call. sysctl() is defined in the kernel source file linux/kernel/sysctl.c.

The purpose of the sysctl() call is to allow privileged programs to read and set the values for various objects within the kernel. It is an access-controlled system call, which grants only read privileges to unprivileged users.

When sysctl() is called, the function expects a signed integer value. Because the value is signed, it is possible to supply a negative value, which could read kernel space memory addresses. The supplied check for valid input does not adequately check the value of the variable, and allows the input.
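The class of defect described above, shown as an added user-space example (not code from the Linux kernel or from this advisory): a signed length that is only compared against an upper bound lets a negative value through, and the later conversion to an unsigned copy size turns it into a very large length. The names OBJ_SIZE, copy_len_weak, copy_len_checked and export_object are hypothetical, and the upper-bound-only check is an assumption used to model the inadequate validation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE 16  /* constructed size of the object being exported */

/* Weak form (assumed model): only an upper bound is tested, and the
 * comparison is signed. A negative request compares as smaller than
 * OBJ_SIZE, so it is accepted unchanged and then converted to an
 * enormous unsigned length. Nothing is copied here; only the length
 * that a copy routine would receive is returned. */
static size_t copy_len_weak(int requested)
{
    int len = requested;
    if (len > OBJ_SIZE)
        len = OBJ_SIZE;
    return (size_t)len;          /* -1 becomes SIZE_MAX */
}

/* Hardened form: reject negative values before any conversion, then clamp. */
static int copy_len_checked(int requested, size_t *out)
{
    if (requested < 0)
        return -1;
    *out = (size_t)requested > (size_t)OBJ_SIZE ? (size_t)OBJ_SIZE
                                                : (size_t)requested;
    return 0;
}

/* Bounded export helper built on the hardened check. */
static int export_object(const char *obj, char *dst, int requested)
{
    size_t n;
    if (copy_len_checked(requested, &n) != 0)
        return -1;
    memcpy(dst, obj, n);
    return (int)n;
}

int main(void)
{
    char obj[OBJ_SIZE] = "sample-object";   /* constructed sample data */
    char dst[OBJ_SIZE];
    printf("weak(-1) -> %zu bytes\n", copy_len_weak(-1));
    printf("weak(64) -> %zu bytes\n", copy_len_weak(64));
    printf("safe(-1) -> %d\n", export_object(obj, dst, -1));
    printf("safe(64) -> %d\n", export_object(obj, dst, 64));
    return 0;
}
```

The same review applies to any interface that takes a caller-supplied length as a signed type: check the lower bound explicitly, or carry the length in an unsigned type from the point of entry.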

Affected Products:

  • Caldera OpenLinux 2.4.0
  • Conectiva Linux 4.0.0
  • Conectiva Linux 4.0.0 es
  • Conectiva Linux 4.1.0
  • Conectiva Linux 4.2.0
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux ecommerce
  • Conectiva Linux graficas
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Linux kernel 2.2.18
  • MandrakeSoft Linux Mandrake 6.0.0
  • MandrakeSoft Linux Mandrake 6.1.0
  • MandrakeSoft Linux Mandrake 7.0.0
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • RedHat Linux 6.0.0
  • RedHat Linux 6.0.0 alpha
  • RedHat Linux 6.0.0 sparc
  • RedHat Linux 6.1.0 alpha
  • RedHat Linux 6.1.0 i386
  • RedHat Linux 6.1.0 sparc
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat Linux 7.0.0
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.0.0 sparc
  • RedHat kernel-2.2.16-22.i386.rpm 0.0.0
  • RedHat kernel-2.2.16-22.i586.rpm 0.0.0
  • RedHat kernel-2.2.16-22.i686.rpm 0.0.0
  • RedHat kernel-BOOT-2.2.16-22.i386.rpm 0.0.0
  • RedHat kernel-doc-2.2.16-22.i386.rpm 0.0.0
  • RedHat kernel-enterprise-2.2.16-22.i686.rpm 0.0.0
  • RedHat kernel-ibcs-2.2.16-22.i386.rpm 0.0.0
  • RedHat kernel-pcmcia-cs-2.2.16-22.i386.rpm 0.0.0
  • RedHat kernel-smp-2.2.16-22.i386.rpm 0.0.0
  • RedHat kernel-smp-2.2.16-22.i586.rpm 0.0.0
  • RedHat kernel-smp-2.2.16-22.i686.rpm 0.0.0
  • RedHat kernel-source-2.2.16-22.i386.rpm 0.0.0
  • RedHat kernel-utils-2.2.16-22.i386.rpm 0.0.0
  • S.u.S.E. Linux 6.0.0
  • S.u.S.E. Linux 6.1.0
  • S.u.S.E. Linux 6.1.0 alpha
  • S.u.S.E. Linux 6.3.0
  • S.u.S.E. Linux 6.3.0 alpha
  • S.u.S.E. Linux 6.3.0 ppc
  • S.u.S.E. Linux 6.4.0
  • S.u.S.E. Linux 6.4.0 alpha
  • S.u.S.E. Linux 6.4.0 ppc
  • S.u.S.E. Linux 7.0.0
  • SCO eDesktop 2.4.0
  • SCO eServer 2.3.1
  • Slackware Linux 4.0.0
  • Slackware Linux 7.0.0
  • Slackware Linux 7.1.0
  • WireX Immunix OS 6.2.0
  • WireX Immunix OS 7.0.0
  • WireX Immunix OS 7.0.0 -Beta
