TECHNICAL BULLETIN
T-042: Linux Kernel "keyctl_join_session_keyring()" Denial of Service
January 21, 2009 19:00 GMT
PROBLEM: A local denial of service vulnerability has been discovered in the Linux kernel. An attacker could exploit this to cause a crash via resource exhaustion.
PLATFORM: Linux Kernel
ABSTRACT: There is a memory leak error in the "keyctl_join_session_keyring()" function in security/keys/keyctl.c. A local attacker could cause a crash by exhausting memory resources.
Title: Linux Kernel "keyctl_join_session_keyring()" Denial of Service
(https://core.fsisac.com/?requestUrl=..%2fcontent%2fview.aspx%3fPageID%3di6015%26Id%3d461130)
Risk: 4
Summary: A local denial of service vulnerability has been discovered in the Linux kernel. An attacker could exploit this to cause a crash via resource exhaustion. A patch is available from kernel.org.
Business Impact: Denial of service
Severity: 2 - Minimal Impact (Normal)
Urgency: 2 - Action Recommended
Credibility: 5 - Verified
Technology: Linux Kernel
Description: There is a memory leak error in the "keyctl_join_session_keyring()" function in security/keys/keyctl.c. A local attacker could cause a crash by exhausting memory resources.
Corrective Action: A patch is available from kernel.org:
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.29-rc2-git1.bz2
Source(s): http://secunia.com/advisories/33569/
http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d54ee1c7850a954026deec4cd4885f331da35cc
CVE Number: CVE-2009-0031
DOE-CIRC wishes to acknowledge the contributions of Financial Services ISAC for the
information contained in this bulletin.
DOE-CIRC services are available to DOE, DOE Contractors, and the NIH.
DOE-CIRC can be contacted at:
Voice: 866-941-2472
E-mail: doecirci@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov
UCRL-MI-119788