Vigil@nce - Linux kernel: denial of service via X.25 Facilities Class
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A remote attacker can send a malicious X.25 packet during a
session, in order to stop a Linux system.
Severity: 1/4
Creation date: 15/11/2010
DESCRIPTION OF THE VULNERABILITY
The X.25 network protocol defines Facilities regrouped in 4
classes: X25_FAC_CLASS_A to X25_FAC_CLASS_D.
The x25_parse_facilities() function of the
net/x25/x25_facilities.c file does not check the minimal size of
the 4 classes. An infinite loop thus occurs, until the kernel
accesses to an unreadable memory area.
A remote attacker can therefore send a malicious X.25 packet
during a session, in order to stop a Linux system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-X-25-Facilities-Class-10129