Vigil@nce - Linux kernel: denial of service via /proc next_pidmap
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can access the /proc directory in order to stop
the Linux kernel.
Severity: 1/4
Creation date: 19/04/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The /proc virtual directory contains information on processes.
The getdents() (get directory entries) system call obtains the
list of files in a directory. The lseek() call is used to change
the current position in a file.
If an attacker opens the /proc directory, then moves with lseek(),
then calls getdents(), the next_pidmap() function of the
kernel/pid.c file obtains a pid (process number) which is too
large. A fatal error then occurs in find_ge_pid().
A local attacker can therefore access the /proc directory in
order to stop the Linux kernel.
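The missing range check described above, shown as an added example in a simplified user-space model (not code from the bulletin or from the kernel). All names and constants (model_pidmap, MODEL_PID_LIMIT, sample_maps, ...) are assumptions made for illustration; the guarded function shows one way to reject a position that is too large before it is used as an index.

```c
#include <stddef.h>
#include <stdio.h>

/* Model constants: constructed for this example, not kernel values. */
#define MODEL_BITS_PER_MAP 64u   /* pids tracked per bitmap chunk */
#define MODEL_MAP_ENTRIES  4u    /* chunks in the model table */
#define MODEL_PID_LIMIT    (MODEL_BITS_PER_MAP * MODEL_MAP_ENTRIES)

struct model_pidmap { unsigned long long bits; };

/* Constructed sample table: pids 1 and 70 are marked in use. */
static const struct model_pidmap sample_maps[MODEL_MAP_ENTRIES] = {
    { 1ULL << 1 }, { 1ULL << 6 }, { 0 }, { 0 }
};

/* Chunk index derived from a caller-supplied position with no validation:
 * a position taken from a directory offset can point far past the table. */
size_t model_map_index_unchecked(unsigned int last)
{
    return ((size_t)last + 1) / MODEL_BITS_PER_MAP;
}

/* Guarded lookup: refuse any position outside the pid range before an
 * index is computed. Returns the next in-use pid after `last`, or -1. */
int model_next_pid(const struct model_pidmap *maps, unsigned int last)
{
    if (last >= MODEL_PID_LIMIT)
        return -1;
    for (unsigned int pid = last + 1; pid < MODEL_PID_LIMIT; pid++) {
        const struct model_pidmap *m = &maps[pid / MODEL_BITS_PER_MAP];
        if (m->bits & (1ULL << (pid % MODEL_BITS_PER_MAP)))
            return (int)pid;
    }
    return -1;
}

int main(void)
{
    unsigned int seeked = 0x7fffffffu; /* constructed oversized position */
    printf("unchecked chunk index: %zu (table has %u chunks)\n",
           model_map_index_unchecked(seeked), MODEL_MAP_ENTRIES);
    printf("guarded lookup after pid 1: %d\n", model_next_pid(sample_maps, 1));
    printf("guarded lookup at oversized position: %d\n",
           model_next_pid(sample_maps, seeked));
    return 0;
}
```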
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-proc-next-pidmap-10577