[CS-FSLUG] NI: Linux Kernel Two Potential Denial of Service Vulnerabilities
Fred A. Miller
fmiller at lightlink.com
Wed Oct 12 13:50:51 CDT 2005
Linux Kernel Two Potential Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA17114
VERIFY ADVISORY:
http://secunia.com/advisories/17114/
CRITICAL: Not critical
IMPACT:
DoS
WHERE: Local system
OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/
DESCRIPTION:
Two vulnerabilities have been reported in the Linux Kernel, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service).
1) A memory leak in "/security/keys/request_key_auth.c" can
potentially be exploited by non-privileged users to cause a DoS.
2) A memory leak exists in "/fs/namei.c" when the CONFIG_AUDITSYSCALL
option is enabled. This can potentially be exploited by local users to
cause a DoS via an excessive number of system calls.
SOLUTION:
The vulnerabilities have been fixed in version 2.6.14-rc4.
PROVIDED AND/OR DISCOVERED BY:
2) Robert Derr
ORIGINAL ADVISORY:
Kernel.org
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=74fd92c511bd4a0771ac0faaaef38bb1be3a29f6
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.14-rc4
--
Paid purchaser of ALL SuSE Linux releases since 7.x
More information about the Christiansource
mailing list