[dundee] Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability

Arron Finnon afinnon at googlemail.com
Sun Dec 14 22:00:36 UTC 2008


Bit More info if anyone is interested

18. Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability
BugTraq ID: 32759
Remote: No
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32759
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to perform adequate boundary checks on user-supplied
data.

Local attackers may be able to exploit this issue to crash the
affected kernel, denying service to legitimate users. Given the nature
of this issue, attackers may also be able to run arbitrary code, but
this has not been confirmed.

Versions prior to the Linux kernel 2.6.28-rc1 are vulnerable.



More information about the dundee mailing list