CERT-In Vulnerability Note CIVN-2010-43
Linux Kernel 64bit Personality Handling Local Denial of Service Vulnerability

Original Issue Date: March 04, 2010

Severity Rating: Medium

System Affected

  • Linux Kernel versions 2.6.x prior to 2.6.33-rc6

Overview

A vulnerability has been reported in the Linux kernel which can be exploited by a local user to cause a Denial of Service (DoS) condition.

Description

This vulnerability is caused by an ordering error in the load_elf_binary() function in fs/binfmt_elf.c: the SET_PERSONALITY macro, which on x86_64 switches the calling task between 32-bit and 64-bit execution mode, is invoked before the kernel has verified that the ELF interpreter requested by the new image is available. If the interpreter cannot be loaded, the exec fails and control returns to the original process, which is now running with the wrong personality. A local user can exploit this from a 32-bit application that attempts to execute a 64-bit application whose interpreter is unavailable and then triggers a segmentation fault; the fault handling, including the core dump, runs against an inconsistent 32-bit/64-bit process state and crashes the kernel, resulting in a Denial of Service (DoS) condition.

Successful exploitation requires a 64-bit system (the 32-bit process must be running under a 64-bit kernel) and also requires that core dumps are enabled for the process.
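The following script is an added example and is not part of the CERT-In note or of the kernel sources. It checks the two facts an administrator needs from this note: whether the running kernel's version string predates the fix, and whether the stated trigger precondition (core dumps enabled) currently holds. It assumes the fix landed in 2.6.33-rc6 as the note states and was also backported to stable release 2.6.32.8 (per the CVE entry, not this note); the function names version_key, version_lt, kernel_affected and core_dumps_enabled are the example's own. Because distribution kernels backport fixes without changing the version number, a positive result from the version check means "verify with the vendor", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example (not from the CERT-In note): checks whether this host's
# kernel version predates the CVE-2010-0307 fix and whether core dumps,
# the precondition the note states, are enabled for the current shell.
# Assumption: fix is in 2.6.33-rc6 (per the note) and 2.6.32.8 (per the
# CVE entry). Distro kernels may carry a backport under an older number.

# Reduce a field to its leading digits; empty becomes 0.
num() {
    n="${1%%[!0-9]*}"
    echo "${n:-0}"
}

# Turn "A.B.C[.D][-rcN][-distro]" into "A B C D RC" so that plain numeric
# comparison orders versions. A non-rc release gets RC=999 so that
# 2.6.33 sorts after 2.6.33-rc6.
version_key() {
    v="$1"
    base="${v%%-*}"          # drop "-rcN", "-194.el5", "-5-amd64", ...
    rc=999
    case "$v" in
        *-rc[0-9]*) rc="${v#*-rc}"; rc="${rc%%[!0-9]*}" ;;
    esac
    oldifs="$IFS"; IFS=.; set -- $base; IFS="$oldifs"
    printf '%s %s %s %s %s\n' "$(num "${1:-0}")" "$(num "${2:-0}")" \
        "$(num "${3:-0}")" "$(num "${4:-0}")" "$rc"
}

# Returns 0 (true) if version $1 is strictly older than version $2.
version_lt() {
    a=$(version_key "$1"); b=$(version_key "$2")
    set -- $a
    for y in $b; do
        x=$1; shift
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Returns 0 if a vanilla kernel with this version string lacks the fix:
# any 2.6.x below 2.6.32.8, or 2.6.33-rc1 .. 2.6.33-rc5.
kernel_affected() {
    v="$1"
    case "$v" in 2.6.*) ;; *) return 1 ;; esac   # note lists only 2.6.x
    if version_lt "$v" 2.6.32.8; then return 0; fi
    if version_lt "$v" 2.6.33-rc6 && ! version_lt "$v" 2.6.33-rc1; then
        return 0
    fi
    return 1
}

# Returns 0 if the soft core-file limit of this shell is non-zero, i.e.
# a segfaulting child of this shell would attempt a core dump.
core_dumps_enabled() {
    lim=$(ulimit -c 2>/dev/null) || return 1
    [ "$lim" != "0" ]
}

main() {
    kver=$(uname -r)
    arch=$(uname -m)
    printf 'kernel %s (%s)\n' "$kver" "$arch"
    if [ "$arch" != "x86_64" ]; then
        echo "not a 64-bit x86 kernel: the note's precondition is not met"
    elif kernel_affected "$kver"; then
        echo "version predates the fix (2.6.32.8 / 2.6.33-rc6): confirm a vendor backport or upgrade"
    else
        echo "version is at or past the fix"
    fi
    if core_dumps_enabled; then
        echo "core dumps enabled (ulimit -c != 0): trigger precondition holds; 'ulimit -c 0' removes it for this shell"
    else
        echo "core dumps disabled for this shell"
    fi
    return 0
}

case "${1:-}" in
    --check) main ;;
esac
```

Run it as "sh check.sh --check". The core-dump check reads only the current shell's soft limit; a process started elsewhere (a service, a login via a different PAM limits profile) may have its own limit, so disabling core dumps as an interim measure has to be applied where the untrusted local users actually get their processes, e.g. through limits.conf, and is no substitute for the kernel upgrade.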

Solution

Upgrade to kernel version 2.6.33 (the fix is included from 2.6.33-rc6 and in the 2.6.32.8 stable release), or apply the corresponding backported update from your distribution vendor.
http://www.kernel.org/

Vendor Information

Kernel.org
http://www.kernel.org/

References

Kernel.org
http://www.kernel.org/

SecurityFocus
http://www.securityfocus.com/bid/38027

Secunia
http://secunia.com/advisories/38354/

Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=560547

GIT Kernel
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549

CVE Name
CVE-2010-0307

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003