Info

Disclosure

Aug 23, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when an application provides an incorrect %ds or %es register to the path in arch/i386/kernel/entry.S:restore_all, and will result in kernel panic.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to Linux kernel version 2.6.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Linux

Kernel

2.6.9

References

CVE ID: 2006-2932 (see also: NVD)
Secunia Advisory ID: 21605 22093 22174
VUPEN Advisory: ADV-2006-3378
Generic Informational URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144658
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196280
http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
Vendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10
Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1184
RedHat RHSA: RHSA-2006:0617

Credit

Marcel Holtmann - marceltrifinite.org -

Direct URL: http://osvdb.org/28120