OSVDB ID: 23894

Title: Linux Kernel Multiple Function String Length Modification Race Condition Local Information Disclosure

Info

Disclosure

Mar 13, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when a race condition occurs that allows an attacker to modify an argument of a copy operation after is has been validated, but before it is used. This may present a window of opportunity for an attacker to gain access to sensitive information stored in memory.

Classification

Location: Local Access Required
Attack Type: Information Disclosure, Race Condition
Impact: Loss of Confidentiality
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.6.15.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Ubuntu	Ubuntu	4.10 (Warty Warthog)
		5.04 (Hoary Hedgehog)
		5.10 (Breezy Badger)

Linux	Kernel	2.6.15 .3
		2.6.15 .2
		2.6.15 .1
		2.6.15 -rc3
		2.6.15 -rc2
		2.6.10.x
		2.6.11.x
		2.6.12.x
		2.6.13.x
		2.6.14.x
		2.6.9.x
		2.6.8.x
		2.6.7.x
		2.6.5.x
		2.6.4.x
		2.6.3.x
		2.6.2.x
		2.6.1.x
		2.6-test.x
		2.6.6.x
		2.6

References

Bugtraq ID: 17084
Secunia Advisory ID: 19220 20398 21465 22417
CVE ID: 2006-0457 (see also: NVD)
Related OSVDB ID: 23893
VUPEN Advisory: ADV-2006-0926
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.ubuntu.com/usn/usn-263-1
RedHat RHSA: RHSA-2006:0575

Credit

David Howells - dhowellsredhat.com - RedHat

Direct URL: http://osvdb.org/23894

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Ubuntu

Ubuntu

Linux

Kernel

References

Credit