openSUSE kernel sources : patching against sock_sendpage() NULL Pointer Dereference vulnerability

I am using the 2.6.30 kernel sources from Kernel:linux-next and noticed that it has not yet been patched against the 'sock_sendpage()' NULL Pointer Dereference vulnerability.

The threat is serious as it could allow a local user to gain root privileges.

Those who compile their own 2.6.x kernel should apply this patch (from Linus; check there for more info).

Within your kernel source folder:

$ patch -u -p0 < sock_sendpage.patch

I hope an official patch will be released soon for all kernels. I did not check if the 11.1 kernel has already been patched or not.
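To find out whether a given source tree already carries the fix before running the command above, the following added example (not part of the original post) reports the state of a patch using dry runs only, so the tree is never modified. The function name `patch_state` and its arguments are assumptions made for this illustration, and it relies on GNU patch's `--dry-run` option.

```shell
#!/bin/sh
# Added example: report whether a patch is already present in a source tree.
# Usage: patch_state TREE PATCHFILE [STRIP]
# Prints one of:
#   applied  - the patch reverses cleanly, so the tree already contains it
#   applies  - the patch is absent and would apply cleanly
#   conflict - neither direction works; inspect the tree by hand
# Assumes GNU patch. STRIP defaults to 0, matching the -p0 used in the post.
patch_state() {
    tree=$1
    patchfile=$2
    strip=${3:-0}

    # -R tries the patch in reverse; -f suppresses interactive questions so a
    # mismatch fails instead of prompting; --dry-run writes nothing to disk.
    # The redirection sits outside the subshell so a relative PATCHFILE is
    # resolved before the cd.
    if (cd "$tree" && patch -u -p"$strip" -R -f -s --dry-run) \
            < "$patchfile" >/dev/null 2>&1; then
        echo applied
    elif (cd "$tree" && patch -u -p"$strip" -f -s --dry-run) \
            < "$patchfile" >/dev/null 2>&1; then
        echo applies
    else
        echo conflict
    fi
}

# When called with arguments, act as a small command-line tool, e.g.:
#   sh patch_state.sh /usr/src/linux sock_sendpage.patch
if [ "$#" -ge 2 ]; then
    patch_state "$@"
fi
```

A result of `conflict` means the surrounding code differs from what the patch expects, which is worth checking manually rather than forcing.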


Comments 2

  1. BenderBendingRodriguez wrote:

    Ehhh, what is this hubbub all about?? If there is anyone with local access to your PC then if he would know how to use that vulnerability then he’d also know how to get root privileges without that (GRUB /bin/sh etc. )

    I’d care more about remote code executions.

    Posted 17 Aug 2009 at 5:26 pm
  2. JC wrote:

    @BenderBendingRodriguez:
    No, local access does not only mean physical access. I have some servers accessed by technicians with SSH, where they use their own local account (not root).
    They would be able to grab an exploit and use it to gain root access, which I don't want.

    Posted 17 Aug 2009 at 8:19 pm
