Linux Kernel Multiple Function String Length Modification Race Condition Local Information Disclosure

2006-03-13T09:33:06
ID OSVDB:23894
Type osvdb
Reporter David Howells(dhowells@redhat.com)
Modified 2006-03-13T09:33:06

Description

Vulnerability Description

The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when a race condition occurs that allows an attacker to modify an argument of a copy operation after is has been validated, but before it is used. This may present a window of opportunity for an attacker to gain access to sensitive information stored in memory.

Solution Description

Upgrade to version 2.6.15.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when a race condition occurs that allows an attacker to modify an argument of a copy operation after is has been validated, but before it is used. This may present a window of opportunity for an attacker to gain access to sensitive information stored in memory.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:19220 Secunia Advisory ID:20398 Secunia Advisory ID:22417 Secunia Advisory ID:21465 Related OSVDB ID: 23893 RedHat RHSA: RHSA-2006:0575 FrSIRT Advisory: ADV-2006-0926 CVE-2006-0457 Bugtraq ID: 17084