FreeBSD-SA-20:23.sendmsg

Status
Not open for further replies.

admin

Administrator
Staff member
Administrator
When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message to be transmitted (if any) into kernel memory, and adjusts
alignment of control message headers. The code which performs this work contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a
malicious userspace program to modify control message headers after they were validated by the kernel.

Continue reading...
 
Status
Not open for further replies.
Back
Top