Linux Kernel Sigqueue Blocking Denial Of Service Vulnerability
BID:10096
Info
Linux Kernel Sigqueue Blocking Denial Of Service Vulnerability
| Bugtraq ID: | 10096 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 12 2004 12:00AM |
| Updated: | Apr 12 2004 12:00AM |
| Credit: | Discovery is credited to "Nikita V. Youshchenko" <[email protected]>. |
| Vulnerable: |
Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6 -test9 Linux kernel 2.6 -test8 Linux kernel 2.6 -test7 Linux kernel 2.6 -test6 Linux kernel 2.6 -test5 Linux kernel 2.6 -test4 Linux kernel 2.6 -test3 Linux kernel 2.6 -test2 Linux kernel 2.6 -test11 Linux kernel 2.6 -test10 Linux kernel 2.6 -test1 Linux kernel 2.6 Linux kernel 2.4.25 Linux kernel 2.4.24 -ow1 Linux kernel 2.4.24 Linux kernel 2.4.23 -pre9 Linux kernel 2.4.23 -ow2 Linux kernel 2.4.23 Linux kernel 2.4.22 Linux kernel 2.4.21 pre7 Linux kernel 2.4.21 pre4 Linux kernel 2.4.21 pre1 Linux kernel 2.4.21 Linux kernel 2.4.20 Linux kernel 2.4.19 -pre6 Linux kernel 2.4.19 -pre5 Linux kernel 2.4.19 -pre4 Linux kernel 2.4.19 -pre3 Linux kernel 2.4.19 -pre2 Linux kernel 2.4.19 -pre1 Linux kernel 2.4.19 Linux kernel 2.4.18 pre-8 Linux kernel 2.4.18 pre-7 Linux kernel 2.4.18 pre-6 Linux kernel 2.4.18 pre-5 Linux kernel 2.4.18 pre-4 Linux kernel 2.4.18 pre-3 Linux kernel 2.4.18 pre-2 Linux kernel 2.4.18 pre-1 Linux kernel 2.4.18 x86 Linux kernel 2.4.18 Linux kernel 2.4.17 Linux kernel 2.4.16 Linux kernel 2.4.15 Linux kernel 2.4.14 Linux kernel 2.4.13 Linux kernel 2.4.12 Linux kernel 2.4.11 Linux kernel 2.4.10 Linux kernel 2.4.9 Linux kernel 2.4.8 Linux kernel 2.4.7 Linux kernel 2.4.6 Linux kernel 2.4.5 Linux kernel 2.4.4 Linux kernel 2.4.3 Linux kernel 2.4.2 Linux kernel 2.4.1 Linux kernel 2.4 .0-test9 Linux kernel 2.4 .0-test8 Linux kernel 2.4 .0-test7 Linux kernel 2.4 .0-test6 Linux kernel 2.4 .0-test5 Linux kernel 2.4 .0-test4 Linux kernel 2.4 .0-test3 Linux kernel 2.4 .0-test2 Linux kernel 2.4 .0-test12 Linux kernel 2.4 .0-test11 Linux kernel 2.4 .0-test10 Linux kernel 2.4 .0-test1 Linux kernel 2.4 |
| Not Vulnerable: | |
Discussion
Linux Kernel Sigqueue Blocking Denial Of Service Vulnerability
A vulnerability has been reported in the Linux Kernel that may permit a malicious local user to affect a system-wide denial of service condition. This issue may be triggered via the Kernel signal queue (struct sigqueue) and may be exploited to exhaust the system process table by causing an excessive number of threads to be left in a zombie state.
A vulnerability has been reported in the Linux Kernel that may permit a malicious local user to affect a system-wide denial of service condition. This issue may be triggered via the Kernel signal queue (struct sigqueue) and may be exploited to exhaust the system process table by causing an excessive number of threads to be left in a zombie state.
Exploit / POC
Linux Kernel Sigqueue Blocking Denial Of Service Vulnerability
The following exploit was provided:
The following exploit was provided:
Solution / Fix
Linux Kernel Sigqueue Blocking Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Linux Kernel Sigqueue Blocking Denial Of Service Vulnerability
References:
References:
- Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow. ("Nikita V. Youshchenko"
)