|
|
>> Linux Kernel "prune_dcache()" Race Condition Denial of Service Vulnerability
|
Title : Linux Kernel "prune_dcache()" Race Condition Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2006-2070
CVE ID : CVE-2006-2629
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-05-31
|
A vulnerability has been identified in Linux Kernel, which could be exploited by local attackers to cause a denial of service. This flaw is due to a memory corruption error in the "prune_dcache()" function on SMP systems, which could be exploited by malicious users to crash a vulnerable system by creating and exiting a large number of tasks, then accessing the "/proc" entry of an exiting task.
Affected Products
Linux Kernel versions 2.6.15 through 2.6.17
Solution
VUPEN Security is not aware of any vendor-supplied patch.
References
http://www.vupen.com/english/advisories/2006/2070
http://marc.theaimsgroup.com/?l=linux-kernel&m=114860432801543&w=2
Credits
Vulnerability reported by Tony Griffiths
ChangeLog
2006-05-31 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
