Vigil@nce: Linux kernel, denial of service via listen
December 2008 by Vigil@nce
SYNTHESIS
A local attacker can use listen() in order to generate an infinite
loop in the kernel.
Gravity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 08/12/2008
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION
The procedure to create a listening socket uses the following
functions:
– socket() : creates the socket
– listen() : listens on the socket
– accept() : accepts clients
The listen() function is normally called once. However, if it is
called twice on a PF_ATMPVC socket, an infinite loop occurs in the
compare_family() function of the net/atm/proc.c file.
A local attacker can therefore use listen() in order to generate a
denial of service in the kernel.
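A defender-side check for the condition described above, as an added example that is not part of the original advisory: it reports whether a local user on the host can create a PF_ATMPVC socket at all, and it never calls listen(). The enum and function names are assumptions made for this example, and a "reachable" result says nothing about whether the running kernel version is affected, which the advisory does not list.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef PF_ATMPVC
#define PF_ATMPVC 8   /* Linux value of the ATM PVC protocol family */
#endif

/* Hypothetical result codes for this example. */
enum atm_exposure { ATM_UNKNOWN = -1, ATM_ABSENT = 0, ATM_REACHABLE = 1, ATM_DENIED = 2 };

/* Map the outcome of socket(PF_ATMPVC, ...) to an exposure verdict. */
enum atm_exposure classify_atm_probe(int fd, int err)
{
    if (fd >= 0)
        return ATM_REACHABLE;     /* family registered and usable by this user */
    switch (err) {
    case EAFNOSUPPORT:            /* family not built in and not loadable */
        return ATM_ABSENT;
    case EPERM:
    case EACCES:                  /* blocked by local policy (LSM, seccomp) */
        return ATM_DENIED;
    default:
        return ATM_UNKNOWN;
    }
}

/* Open and immediately close a PF_ATMPVC socket; listen() is never called. */
enum atm_exposure probe_atm_pvc(void)
{
    /* SOCK_DGRAM because the ATM code rejects SOCK_STREAM. The kernel may
     * autoload the ATM module here, as it would for any other local user. */
    int fd = socket(PF_ATMPVC, SOCK_DGRAM, 0);
    int err = errno;
    if (fd >= 0)
        close(fd);
    return classify_atm_probe(fd, err);
}

int main(void)
{
    static const char *msg[] = { "not available", "reachable by this user", "denied by policy" };
    enum atm_exposure r = probe_atm_pvc();
    printf("PF_ATMPVC: %s\n", r == ATM_UNKNOWN ? "unexpected error" : msg[r]);
    return r == ATM_REACHABLE;    /* non-zero exit status when the family is reachable */
}
```

Run it as an unprivileged user, since the advisory gives "user shell" as the provenance of the attack.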
CHARACTERISTICS
Identifiers: CVE-2008-5079, VIGILANCE-VUL-8294