|
|
>> Linux Kernel Keyring Management Denial of Service Vulnerabilities
|
Title : Linux Kernel Keyring Management Denial of Service Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-1351
CVE ID : CVE-2005-2098 - CVE-2005-2099
CWE ID : CWE-
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2005-08-09
|
Two vulnerabilities were identified in Linux Kernel, which could be exploited by local users to conduct denial of service attacks.
The first issue occurs in the error handling path for the "KEYCTL_JOIN_SESSION_KEYRING" operation during an attempt to join a key management session, which could cause the session management semaphore to not be released.
The second flaw is due to an error when handling a keyring that failed to instantiate, which could be exploited by local attackers to cause a denial of service by adding a keyring that does not contain an empty payload.
Affected Products
Linux Kernel versions prior to 2.6.13-rc6
Solution
Upgrade to Kernel version 2.6.13-rc6 :
http://www.kernel.org/
References
http://www.vupen.com/english/advisories/2005/1351
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.13-rc6
Credits
Vulnerabilities reported by David Howells
ChangeLog
2005-08-09 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
