[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-1437Date: (C)2010-05-07   (M)2018-09-27


Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.9
Exploit Score: 3.4
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
BID-39719
SECUNIA-39830
SECUNIA-40218
SECUNIA-40645
SECUNIA-43315
ADV-2010-1857
DSA-2053
IAVM:2011-A-0066
RHSA-2010:0474
SUSE-SA:2010:031
http://marc.info/?l=linux-kernel&m=127192182917857&w=2
http://marc.info/?l=linux-kernel&m=127274294622730&w=2
http://marc.info/?l=linux-kernel&m=127292492727029&w=2
http://www.openwall.com/lists/oss-security/2010/04/27/2
http://www.openwall.com/lists/oss-security/2010/04/28/2
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=585094
https://patchwork.kernel.org/patch/94038/
https://patchwork.kernel.org/patch/94664/
kernel-findkeyringbyname-dos(58254)

CPE    396
cpe:/o:linux:linux_kernel:2.6.33:rc8
cpe:/o:linux:linux_kernel:2.6.33:rc7
cpe:/o:linux:linux_kernel:2.6.33:rc4
cpe:/o:linux:linux_kernel:2.6.33:rc3
...
CWE    1
CWE-362
OVAL    22
oval:org.secpod.oval:def:1500321
oval:org.secpod.oval:def:101114
oval:org.secpod.oval:def:400048
oval:org.secpod.oval:def:100719
...

© SecPod Technologies