Info

Disclosure

Apr 02, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when exactly or more than the platform processor's page size of data is written to a 'sysfs' file. Lack of termination of a buffer in the 'fill_write_buffer()' function will result in a kernel panic and hence in loss of availability for the platform.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 2.6.12.2 or higher, as it has been reported to fix this vulnerability. For Ubuntu users, the problem can be corrected by upgrading the affected package to version 2.6.10-34.17 (for Ubuntu 5.04) or 2.6.12-10.32 (for Ubuntu 5.10). An upgrade is required as there are no known workarounds.

Products

Linux

Kernel

2.6.16.1

References

Bugtraq ID: 17402
Secunia Advisory ID: 19495 19570 19735 19955 20398 20716
CVE ID: 2006-1055 (see also: NVD)
SCIP VulDB ID: 2130
ISS X-Force ID: 25693
VUPEN Advisory: ADV-2006-1273
Other Advisory URL: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2006-1055?op=file&rev=0&sc=0
Vendor Specific News/Changelog Entry: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e0dd741a89be35defa05bd79f4211c5a2762825
http://www.ubuntu.com/usn/usn-281-1
Vendor Specific Advisory URL: http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.trustix.org/errata/2006/0020/
http://www.ubuntu.com/usn/usn-302-1

Credit

Al Viro - viroftp.linux.org.uk -

Direct URL: http://osvdb.org/24443