Info

Disclosure

Nov 08, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered due to an error in sysctl's handling of interface unregistrations, and will result in loss of availability for the service.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 2.6.14.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Linux	Kernel	2.6.14
		2.6.13x
		2.6.12x
		2.6.11x
		2.6.10x

References

Security Tracker: 1015434
Secunia Advisory ID: 17504 17541 17648 18510 18562 18684 19369 19374 21954
SCIP VulDB ID: 1879
CVE ID: 2005-2709 (see also: NVD)
Vendor Specific Advisory URL: http://www.debian.org/security/2006/dsa-1017
http://www.trustix.org/errata/2006/0051/
http://www.ubuntulinux.org/usn/usn-219-1
http://www.us.debian.org/security/2006/dsa-1018
Vendor Specific News/Changelog Entry: http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=e4e0411221c7d4f2bd82fa5e21745f927a1bff28
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.1
RedHat RHSA: RHSA-2006:0101 RHSA-2006:0140 RHSA-2006:0190

Credit

Al Viro - virozeniv.linux.org.uk -

Direct URL: http://osvdb.org/20676