[Secure-testing-team] Re: Another kernel vulnerability
Horms
horms at debian.org
Tue Oct 11 05:35:57 UTC 2005
On Mon, Oct 10, 2005 at 09:45:01PM +0200, Moritz Muehlenhoff wrote:
> Hi,
> I found this in an Ubuntu advisory, no CVE assignment seems yet to have
> been made.
>
> Robert Derr discovered a memory leak in the system call auditing code.
> On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this
> leads to memory exhaustion and eventually a Denial of Service. A local
> attacker could also speed this up by excessively calling system calls.
> This only affects customized kernels built from the kernel source
> packages. The standard Ubuntu kernel does not have the
> CONFIG_AUDITSYSCALL option enabled, and is therefore not affected by
> this.
> (http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23)
Thanks, I have put that in here for now:
http://svn.debian.org/wsvn/kernel/people/horms/patch_notes/misc/auditsyscall_leak?op=file&rev=0&sc=0
--
Horms
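
The quoted advisory ties exposure to kernels built with CONFIG_AUDITSYSCALL enabled. The following is an added example, not part of the original thread: a shell function that reads a kernel build config and reports the state of that option. The function name `auditsyscall_state` is hypothetical, and the example assumes the config is available as a plain or gzip-compressed file (typically `/boot/config-$(uname -r)` or `/proc/config.gz`).

```shell
#!/bin/sh
# Added example: report whether a kernel build config enables
# CONFIG_AUDITSYSCALL, the option the advisory names as the precondition.
# Prints one of: enabled, disabled, unknown.
#
# Usage (paths are typical locations, not taken from the thread):
#   auditsyscall_state "/boot/config-$(uname -r)"
#   auditsyscall_state /proc/config.gz

auditsyscall_state() {
    cfg=$1

    # An unreadable or missing config tells us nothing about the kernel.
    [ -r "$cfg" ] || { echo unknown; return 0; }

    # /proc/config.gz and some archived configs are gzip-compressed.
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    content=$($reader "$cfg" 2>/dev/null) || { echo unknown; return 0; }

    # Refuse to draw a conclusion from a file that is not a kernel config.
    printf '%s\n' "$content" | grep -q '^CONFIG_' || { echo unknown; return 0; }

    # Match both "CONFIG_AUDITSYSCALL=..." and "# CONFIG_AUDITSYSCALL is not set".
    line=$(printf '%s\n' "$content" \
        | grep -E '^(# )?CONFIG_AUDITSYSCALL[= ]' | tail -n 1) || true

    case $line in
        CONFIG_AUDITSYSCALL=y)
            echo enabled ;;
        "# CONFIG_AUDITSYSCALL is not set"|"")
            # The option is omitted entirely when its parent CONFIG_AUDIT
            # is off, so an absent line also means "not built in".
            echo disabled ;;
        *)
            echo unknown ;;
    esac
}
```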