---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: Linux Kernel SMP "/proc" Race Condition Denial of Service SECUNIA ADVISORY ID: SA20349 VERIFY ADVISORY: http://secunia.com/advisories/20349/ CRITICAL: Not critical IMPACT: DoS WHERE: Local system OPERATING SYSTEM: Linux Kernel 2.6.x http://secunia.com/product/2719/ DESCRIPTION: Tony Griffiths has reported a vulnerability in the Linux Kernel, which can be exploited malicious, local users to cause a DoS (Denial of Service). The vulnerability is cause due to a memory corruption error in the "dentry_unused" list within the "prune_dcache()" function. This can be exploited to crash the kernel when running on SMP hardware by causing a race condition such that one or more tasks exit while another task is reading their /proc entries. The vulnerability has been reported in versions 2.6.15 through 2.6.17. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. Secunia is currently not aware of an official version addressing this. PROVIDED AND/OR DISCOVERED BY: Tony Griffiths ORIGINAL ADVISORY: http://marc.theaimsgroup.com/?l=linux-kernel&m=114860432801543&w=2 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------