[Secure-testing-team] Another kernel vulnerability
Moritz Muehlenhoff
jmm at inutil.org
Mon Oct 10 19:45:01 UTC 2005
Hi,
I found this in an Ubuntu advisory, no CVE assignment seems yet to have
been made.
Robert Derr discovered a memory leak in the system call auditing code.
On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this
leads to memory exhaustion and eventually a Denial of Service. A local
attacker could also speed this up by excessively calling system calls.
This only affects customized kernels built from the kernel source
packages. The standard Ubuntu kernel does not have the
CONFIG_AUDITSYSCALL option enabled, and is therefore not affected by
this.
(http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23)
Cheers,
Moritz
More information about the Secure-testing-team
mailing list