Secunia Security Advisory - Tony Griffiths has reported a vulnerability in the Linux Kernel, which can be exploited malicious, local users to cause a DoS (Denial of Service).
6e16f818b11d4177b47bd2add1051bd2e2accf3802c5f811269d9191843c8aea
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
http://secunia.com/secunia_security_specialist/
----------------------------------------------------------------------
TITLE:
Linux Kernel SMP "/proc" Race Condition Denial of Service
SECUNIA ADVISORY ID:
SA20349
VERIFY ADVISORY:
http://secunia.com/advisories/20349/
CRITICAL:
Not critical
IMPACT:
DoS
WHERE:
Local system
OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/
DESCRIPTION:
Tony Griffiths has reported a vulnerability in the Linux Kernel,
which can be exploited malicious, local users to cause a DoS (Denial
of Service).
The vulnerability is cause due to a memory corruption error in the
"dentry_unused" list within the "prune_dcache()" function. This can
be exploited to crash the kernel when running on SMP hardware by
causing a race condition such that one or more tasks exit while
another task is reading their /proc entries.
The vulnerability has been reported in versions 2.6.15 through
2.6.17. Other versions may also be affected.
SOLUTION:
Grant only trusted users access to affected systems.
Secunia is currently not aware of an official version addressing
this.
PROVIDED AND/OR DISCOVERED BY:
Tony Griffiths
ORIGINAL ADVISORY:
http://marc.theaimsgroup.com/?l=linux-kernel&m=114860432801543&w=2
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------