Secunia Logo
Netsikker nu! 2008
 
Linux Kernel Potential Denial of Service and Information Disclosure
Secunia Advisory: SA17114
Release Date: 2005-10-11
Last Update: 2005-10-21
Popularity: 10,201 views

Critical:
Less critical
Impact: Security Bypass
Exposure of sensitive information
DoS
Where: From local network
Solution Status: Vendor Patch

OS:Linux Kernel 2.6.x

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2005-3119
CVE-2005-3179
CVE-2005-3180
CVE-2005-3181


Description:
Two vulnerabilities, a security issue, and a weakness have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions, or by malicious people to disclose certain sensitive information.

1) A memory leak in "/security/keys/request_key_auth.c" can potentially be exploited by non-privileged users to cause a DoS.

2) A memory leak exists in "/fs/namei.c" when the CONFIG_AUDITSYSCALL option is enabled. This can potentially be exploited by local users to cause a DoS via an excessive number of system calls.

3) The orinoco wireless driver fails to pad data packets with zeroes when the length needs to be increased. This may cause uninitialized data to be sent, potentially exposing random pieces of the system memory.

4) The "/sys/module/drm/parameters/debug" file is created with world-writable permission in sysfs. This may be exploited by non-privileged users to turn on drm debugging.

Solution:
The vulnerabilities, security issue, and weakness have been fixed in version 2.6.14-rc4 and stable version 2.6.13.4.

Provided and/or discovered by:
2) Robert Derr
3) Meder Kydyraliev
4) alwin

Changelog:
2005-10-12: Added CVE reference. Added information about additional vulnerability.
2005-10-13: Added link to original advisory.
2005-10-19: Stable version 2.6.13.4 released. Updated "Description", "Solution" and "Original Advisory" sections.
2005-10-21: Added CVE reference.

Original Advisory:
Kernel.org
http://www.kernel.org/git/?p=linux/ke...d92c511bd4a0771ac0faaaef38bb1be3a29f6
http://www.kernel.org/git/?p=linux/ke...841146878e082613a49581ae252c071057c23
http://www.kernel.org/git/?p=linux/ke...39bec87ee3e35897fe27441e979e7c208f624
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.14-rc4
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.4

Meder Kydyraliev:
http://o0o.nu/~meder/o0o_linux_orinoco_driver_info_leak.txt

Gentoo Bugzilla:
http://bugs.gentoo.org/show_bug.cgi?id=107893


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. phpBB "gen_rand_string()" Predictable RNG Weakness // 93 views
2. Zeroboard Multiple Vulnerabilities // 53 views
3. Zeroboard Two Vulnerabilities // 39 views
4. phpBB Avatar Functions Information Disclosure and Deletion // 34 views
5. Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow // 34 views
6. CA ARCserve Backup Multiple Vulnerabilities // 30 views
7. phpBB "url" bbcode Script Insertion Vulnerability // 30 views
8. phpBB Avatar Script Insertion Vulnerability // 29 views
9. ArticleBeach Script "page" File Inclusion Vulnerability // 26 views
10. CUPS Multiple Vulnerabilities // 25 views