Info

Disclosure

May 04, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when 'selinux_ptrace' is used to trace a process. The SID that is set while doing so might be replaced later on accessing certain '/proc' files relating to that process, potentially allowing the owner of the original process to enter the other process' domain. This can result in unauthorised access to the target domain, but appears to be more likely to result in a kernel panic and hence in a loss of availability for the platform.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 2.6.16-rc6 or higher, as it has been reported to fix this vulnerability. For Ubuntu users, the problem can be corrected by upgrading the affected package to version 2.6.10-34.17 (for Ubuntu 5.04) or 2.6.12-10.32 (for Ubuntu 5.10). An upgrade is required as there are no known workarounds.

Products

Linux

Kernel

2.6.6

References

Bugtraq ID: 17830
Secunia Advisory ID: 19330 19955 20157 21465 22093 22417
CVE ID: 2006-1052 (see also: NVD)
Mail List Post: http://marc.theaimsgroup.com/?l=selinux&m=114226465106131&w=2
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
Vendor Specific News/Changelog Entry: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=341c2d806b71cc3596afeb2d9bd26cd718e75202
http://www.ubuntu.com/usn/usn-281-1
Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1184
RedHat RHSA: RHSA-2006:0575

Credit

Stephen Smalley - sdstycho.nsa.gov -

Direct URL: http://osvdb.org/25232