
Vigil@nce: Linux kernel, denial of service via key_replace_session_keyring

June 2011 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

A local attacker can use the keyctl() system call to cause a denial of service.

- Severity: 1/4
- Creation date: 06/06/2011

IMPACTED PRODUCTS

- Linux kernel

DESCRIPTION OF THE VULNERABILITY

The keyctl() system call manages a user's keys. Its KEYCTL_SESSION_TO_PARENT parameter requests that the keyring be given to the parent process.

The key_replace_session_keyring() function in the security/keys/process_keys.c file replaces the keyring of a process. It is called when KEYCTL_SESSION_TO_PARENT is used. However, this function does not initialize the "user_ns" field, so a read is then performed at an invalid memory address.

A local attacker can therefore use the keyctl() system call to cause a denial of service.
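
The class of flaw described above, a credential structure rebuilt field by field with one pointer never assigned, modelled in user space as an added example (it is not kernel source and not part of the Vigil@nce bulletin). Only the user_ns field name comes from the bulletin; the struct layout, the function names and the zeroed allocation are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* User-space model. Only the field name user_ns comes from the bulletin;
 * the struct layout and all function names are hypothetical. */
struct user_namespace { int id; };
struct keyring { int serial; };
struct cred {
    unsigned int uid, gid;
    struct keyring *session_keyring;
    struct user_namespace *user_ns;
};

/* Flawed pattern: fields are copied one by one and user_ns is forgotten. */
static void rebuild_flawed(struct cred *nc, const struct cred *old, struct keyring *kr)
{
    nc->uid = old->uid;
    nc->gid = old->gid;
    nc->session_keyring = kr;
}

/* Corrected pattern: every pointer that later code dereferences is assigned. */
static void rebuild_fixed(struct cred *nc, const struct cred *old, struct keyring *kr)
{
    rebuild_flawed(nc, old, kr);
    nc->user_ns = old->user_ns;
}

/* Invariant to check before a rebuilt credential set is installed. */
static int cred_is_complete(const struct cred *c)
{
    return c->session_keyring != NULL && c->user_ns != NULL;
}

/* Rebuild into zeroed storage (assumed) and report whether the invariant holds. */
int rebuilt_cred_is_complete(int use_fixed)
{
    struct user_namespace ns = { 1 };
    struct keyring kr = { 42 };
    struct cred old = { 1000, 1000, NULL, &ns }, fresh;
    memset(&fresh, 0, sizeof(fresh));
    (use_fixed ? rebuild_fixed : rebuild_flawed)(&fresh, &old, &kr);
    return cred_is_complete(&fresh);
}

int main(void)
{
    printf("flawed=%d fixed=%d\n", rebuilt_cred_is_complete(0), rebuilt_cred_is_complete(1));
    return 0;
}
```

In the model the flawed rebuild fails the invariant because user_ns is still NULL, which is the state that leads to the invalid read once the field is dereferenced.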

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/L...



