SB2005110901 - Race condition in Linux kernel
Published: November 9, 2005
Security Bulletin ID
SB2005110901
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2005-3527)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in 1 thread while another thread has a pending SIGSTOP.
Remediation
Install update from vendor's website.
References
- http://secunia.com/advisories/17917
- http://secunia.com/advisories/17918
- http://www.kernel.org/git/?p=linux/kernel/git/davem/sparc-2.6.git;a=commitdiff;h=788e05a67c343fa22f2ae1d3ca264e7f15c25eaf
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:018
- http://www.securityfocus.com/advisories/9806
- http://www.securityfocus.com/archive/1/419522/100/0/threaded
- http://www.securityfocus.com/archive/1/427981/100/0/threaded
- http://www.securityfocus.com/bid/15723