Linux Kernel Malformed Keyring Addition DoS

2005-08-09T09:19:50
ID OSVDB:18651
Type osvdb
Reporter OSVDB
Modified 2005-08-09T09:19:50

Description

Vulnerability Description

Linux contains a flaw that may allow a local denial of service. The issue is triggered when a user attempts to add a keyring with anything other than an empty description payload. Creation of the keyring fails, and when the system then attempts to remove the keyring from the name list, the kernel crashes, resulting in loss of availability for the operating system.

Solution Description

Upgrade to kernel version 2.6.13-rc6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.13-rc6
Secunia Advisory ID: 16355
Secunia Advisory ID: 17073
Secunia Advisory ID: 16500
Related OSVDB ID: 18652
RedHat RHSA: RHSA-2005:514
Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
CVE-2005-2099
Bugtraq ID: 14517