10 Oct 2012
31 Oct 2012
Exposure of system information
Vulnerabilities where excessive information about the system (e.g. version numbers, running services, installation paths, and similar) is exposed and can be revealed remotely and, in some cases, locally.
A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive system information.
The weakness is caused by an error when populating the system information structure in response to the "uname()" system call. This can be exploited to disclose some kernel stack-based memory via the UNAME26 execution domain.
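The following userspace model is an added example, not kernel code and not taken from the advisory. It shows one common way a structure-populating routine leaks stack memory (a short string is formatted into a scratch buffer and the whole buffer is copied out) next to the corrected copy. The function names, the `STALE` marker and the sample release string are hypothetical and constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define RELEASE_LEN 65   /* size of the release field in struct utsname on Linux */
#define STALE 0xAA       /* constructed marker standing in for leftover stack bytes */

/* Flawed pattern: the string is short, but the full buffer length is copied,
 * so every byte after the terminating NUL reaches the caller as well. */
static void fill_release_flawed(char *dst, size_t len, const char *rel)
{
    char buf[RELEASE_LEN];
    if (len == 0 || len > sizeof(buf))
        return;
    memset(buf, STALE, sizeof(buf));  /* simulate stale stack contents deterministically */
    snprintf(buf, len, "%s", rel);
    memcpy(dst, buf, len);            /* copies len bytes, not just the string */
}

/* Corrected pattern: copy only the formatted string and its NUL terminator. */
static void fill_release_fixed(char *dst, size_t len, const char *rel)
{
    char buf[RELEASE_LEN];
    int n;
    if (len == 0 || len > sizeof(buf))
        return;
    memset(buf, STALE, sizeof(buf));
    n = snprintf(buf, len, "%s", rel);
    if (n < 0)
        n = 0;
    if ((size_t)n >= len)             /* snprintf returns the untruncated length */
        n = (int)len - 1;
    memcpy(dst, buf, (size_t)n + 1);
}

/* Count marker bytes that end up in the caller's pre-zeroed field. */
static size_t stale_bytes(void (*fill)(char *, size_t, const char *), const char *rel)
{
    char field[RELEASE_LEN] = {0};
    size_t i, hits = 0;
    fill(field, sizeof(field), rel);
    for (i = 0; i < sizeof(field); i++)
        if ((unsigned char)field[i] == STALE)
            hits++;
    return hits;
}

int main(void)
{
    const char *rel = "2.6.45-example";  /* constructed release string */
    printf("flawed: %zu stale bytes\n", stale_bytes(fill_release_flawed, rel));
    printf("fixed:  %zu stale bytes\n", stale_bytes(fill_release_fixed, rel));
    return 0;
}
```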
Update to a fixed version if available.
Linux Kernel 3.0.x:
Linux Kernel 3.2.x:
Linux Kernel 3.4.x:
Linux Kernel 3.5.x:
Reported by Brad Spengler via a patch.