Linux Kernel do_fork Memory Leak Information Disclosure

2004-04-29T00:00:00
ID OSVDB:7219
Type osvdb
Reporter John Byrne(john.l.byrne@hp.com)
Modified 2004-04-29T00:00:00

Description

Vulnerability Description

The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an error in the error path of the do_fork function; if an error exists after the allocation of the mm_struct for a child process, the do_fork function fails to free the process. This memory leak will disclose sensitive information, resulting in a loss of confidentiality, and consume system memory, resulting in a loss of availability through resource exhaustion.

Solution Description

Upgrade to version 2.4.26, 2.6.6 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.

Short Description

The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an error in the error path of the do_fork function; if an error exists after the allocation of the mm_struct for a child process, the do_fork function fails to free the process. This memory leak will disclose sensitive information, resulting in a loss of confidentiality, and consume system memory, resulting in a loss of availability through resource exhaustion.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11892 Secunia Advisory ID:12075 Secunia Advisory ID:12331 Secunia Advisory ID:20162 Secunia Advisory ID:20163 Secunia Advisory ID:12003 Secunia Advisory ID:20202 Secunia Advisory ID:20338 RedHat RHSA: RHSA-2004:327 RedHat RHSA: RHSA-2004:255-10 Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000846 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200407-02.xml Mail List Post: http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2 ISS X-Force ID: 16002 CVE-2004-0427 CIAC Advisory: o-164 Bugtraq ID: 10221