CERTVU:245984The Red Hat Enterprise Linux 3 SMP Kernel fails to properly handle IPC shared-memory
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
14.6%
Overview
The Red Hat Enterprise Linux 3 SMP Kernel may allow an authenticated attacker to cause a denial-of-service condition with specially crafted IPC shared-memory functions.
Description
Inter-Process Communication (IPC) shared-memory is a method of passing data between programs used by the Red Hat Enterprise Linux 3 SMP Kernel. The shmat() function is used to attach shared memory segments to data segments of calling processes and the shmctl() function can be used to remove the shared memory segment. When these functions are run simultaneously, controls set by shmat() that limit access to areas of IPC shared-memory may not be properly removed before the shared-memory is removed by shmctl(). This could cause a deadlock condition where shmat() is left waiting indefinitely to remove shared-memory access controls.
Impact
An authenticated local attacker may be able to cause the system to freeze due to a deadlock condition, resulting in a denial of service.
Solution
Upgrade or apply a patch
Patches have been released to address this issue. Refer to Red Hat Security Advisory RHSA-2006:0710. Users who compile the kernel from source are encouraged to update to the most recent version.
Vendor Information
245984
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Red Hat, Inc. __ Affected
Updated: November 06, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to Red Hat Security Advisory RHSA-2006:0710-01.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23245984 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205618>
- <http://www.redhat.com/support/errata/RHSA-2006-0710.html>
- <http://secunia.com/advisories/22497>
Acknowledgements
This issue was reported in Red Hat Security Advisory RHSA-2006:0710-01.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2006-4342 |
|---|---|
| Severity Metric: | 0.03 Date Public: |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
14.6%