Main Vulnerability Database SB2010031602

SB2010031602 - Resource management errors in Linux kernel

Published: March 16, 2010

Security Bulletin ID SB2010031602

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management errors (CVE-ID: CVE-2007-6733)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727.

Remediation

Install update from vendor's website.

References

http://rhn.redhat.com/errata/RHBA-2007-0304.html
https://bugzilla.redhat.com/show_bug.cgi?id=218777
https://bugzilla.redhat.com/show_bug.cgi?id=570863