---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Linux Kernel s390 "copy_from_user" Information Disclosure SECUNIA ADVISORY ID: SA22289 VERIFY ADVISORY: http://secunia.com/advisories/22289/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: Linux Kernel 2.6.x http://secunia.com/product/2719/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information. The vulnerability is caused due to the "copy_from_user" function not correctly clearing kernel buffers after receiving a fault because of invalid user space addresses. This can be exploited to read uninitialised kernel memory by appending to files from invalid addresses. Note: The vulnerability affects the s390 architecture only. SOLUTION: The vulnerability has been fixed in version 2.6.19-rc1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. CHANGELOG: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=52149ba6b0ddf3e9d965257cc0513193650b3ea8 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.19-rc1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------