SB2004122302 - Race condition in Linux kernel
Published: December 23, 2004
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2004-0814)
The vulnerability allows a local user to cause a denial of service.
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
Remediation
Install the update from the vendor's website.
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
- http://marc.info/?l=bugtraq&m=110306397320336&w=2
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
- http://www.redhat.com/support/errata/RHSA-2005-293.html
- http://www.securityfocus.com/archive/1/379005
- http://www.securityfocus.com/bid/11491
- http://www.securityfocus.com/bid/11492
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17816
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10728