TITLE:
Linux Kernel dm-crypt Driver Information Disclosure

SECUNIA ADVISORY ID:
SA18487

VERIFY ADVISORY:
http://secunia.com/advisories/18487/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/

DESCRIPTION:
Stefan Rompf has reported a vulnerability in the Linux Kernel, which
can be exploited by malicious, local users to disclose potentially
sensitive information.

The vulnerability is caused due to the "dm-crypt" driver failing to
clear memory before freeing it. This can be exploited by local users
to obtain sensitive information (e.g. cryptographic keys).

The vulnerability has been reported in version 2.6.15.1. Other
versions may also be affected.

SOLUTION:
The vulnerability has been fixed in versions 2.6.15-git12 and in
2.6.16-rc1.

PROVIDED AND/OR DISCOVERED BY:
Stefan Rompf

ORIGINAL ADVISORY:
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.15-git12.log
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.16-rc1
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9d3520a339d62f942085e9888f66905eb8b350bd
http://marc.theaimsgroup.com/?l=linux-kernel&m=113640535312572
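The bug class named in the DESCRIPTION (key material left in memory that is freed without being cleared), as an added example in C. This is a userspace model written for this page, not the kernel's dm-crypt code or the actual fix; struct crypt_cfg, the one-slot pool and the sample key are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-mapping config holding the key (not the kernel's struct). */
struct crypt_cfg { size_t key_size; uint8_t key[32]; };

/* One-slot pool standing in for the kernel allocator, so that reuse of freed
 * memory is well-defined here. Like kfree(), pool_free() leaves contents alone. */
static struct crypt_cfg pool_slot;
static int pool_busy;
static void *pool_alloc(void) { if (pool_busy) return NULL; pool_busy = 1; return &pool_slot; }
static void pool_free(void *p) { if (p == &pool_slot) pool_busy = 0; }

/* Zero through a volatile pointer so the store cannot be optimised away. */
static void wipe(void *p, size_t n) { volatile uint8_t *v = p; while (n--) *v++ = 0; }

static struct crypt_cfg *cfg_create(const uint8_t *key, size_t n) {
    struct crypt_cfg *cc;
    if (n > sizeof cc->key || !(cc = pool_alloc())) return NULL;
    cc->key_size = n;
    memcpy(cc->key, key, n);
    return cc;
}

/* Flawed teardown: memory goes back to the allocator with the key intact. */
static void cfg_destroy_leaky(struct crypt_cfg *cc) { pool_free(cc); }
/* Hardened teardown: clear the whole structure, then free it. */
static void cfg_destroy_wiped(struct crypt_cfg *cc) { wipe(cc, sizeof *cc); pool_free(cc); }

/* Returns 1 if the key is still readable by the next owner of the memory. */
int key_survives_free(int use_wipe) {
    static const uint8_t key[16] = "CONSTRUCTED-KEY"; /* constructed sample */
    struct crypt_cfg *cc = cfg_create(key, sizeof key);
    if (!cc) return -1;
    if (use_wipe) cfg_destroy_wiped(cc); else cfg_destroy_leaky(cc);
    const uint8_t *next = pool_alloc(); /* a later, unrelated allocation */
    int found = 0;
    for (size_t i = 0; next && i + sizeof key <= sizeof pool_slot; i++)
        if (memcmp(next + i, key, sizeof key) == 0) found = 1;
    pool_free((void *)next);
    return found;
}

int main(void) {
    printf("free only: %d, wipe+free: %d\n", key_survives_free(0), key_survives_free(1));
    return 0;
}
```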