Title: Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability

Severity: LOW

Description:

The Linux kernel is prone to a denial-of-service vulnerability because of a NULL-pointer dereference.

This vulnerability affects the 'key_alloc_serial()' function.

A successful attack can allow local attackers to trigger a crash and deny service to legitimate users.

Kernel versions 2.6.x are vulnerable.

Affected Products:

Avaya AES 4.0
Avaya Messaging Storage Server MM3.0
Linux kernel 2.6.0
Linux kernel 2.6.0 -test1
Linux kernel 2.6.0 -test10
Linux kernel 2.6.0 -test11
Linux kernel 2.6.0 -test2
Linux kernel 2.6.0 -test3
Linux kernel 2.6.0 -test4
Linux kernel 2.6.0 -test5
Linux kernel 2.6.0 -test6
Linux kernel 2.6.0 -test7
Linux kernel 2.6.0 -test8
Linux kernel 2.6.0 -test9
Linux kernel 2.6.0 -test9-CVS
Linux kernel 2.6.0 .10
Linux kernel 2.6.1
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.10
Linux kernel 2.6.10 rc2
Linux kernel 2.6.11
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .4
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .8
Linux kernel 2.6.11.4
Linux kernel 2.6.12
Linux kernel 2.6.12 -rc1
Linux kernel 2.6.12 -rc4
Linux kernel 2.6.12 -rc5
Linux kernel 2.6.12 .1
Linux kernel 2.6.12 .12
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .22
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .6
Linux kernel 2.6.13
Linux kernel 2.6.13 -rc1
Linux kernel 2.6.13 -rc4
Linux kernel 2.6.13 -rc6
Linux kernel 2.6.13 -rc7
Linux kernel 2.6.13 .1
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .4
Linux kernel 2.6.14
Linux kernel 2.6.14 -rc1
Linux kernel 2.6.14 -rc2
Linux kernel 2.6.14 -rc3
Linux kernel 2.6.14 -rc4
Linux kernel 2.6.14 .1
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .3
Linux kernel 2.6.14.4
Linux kernel 2.6.14.5
Linux kernel 2.6.15
Linux kernel 2.6.15 -rc1
Linux kernel 2.6.15 -rc2
Linux kernel 2.6.15 -rc3
Linux kernel 2.6.15 -rc4
Linux kernel 2.6.15 -rc5
Linux kernel 2.6.15 -rc6
Linux kernel 2.6.15 .4
Linux kernel 2.6.15.1
Linux kernel 2.6.15.11
Linux kernel 2.6.15.2
Linux kernel 2.6.15.3
Linux kernel 2.6.15.5
Linux kernel 2.6.15.6
Linux kernel 2.6.16
Linux kernel 2.6.16 -rc1
Linux kernel 2.6.16 .1
Linux kernel 2.6.16 .11
Linux kernel 2.6.16 .12
Linux kernel 2.6.16 .19
Linux kernel 2.6.16 .23
Linux kernel 2.6.16 .7
Linux kernel 2.6.16 .9
Linux kernel 2.6.16 13
Linux kernel 2.6.16 27
Linux kernel 2.6.16.16
Linux kernel 2.6.16.17
Linux kernel 2.6.16.18
Linux kernel 2.6.16.2
Linux kernel 2.6.16.21
Linux kernel 2.6.16.3
Linux kernel 2.6.16.4
Linux kernel 2.6.16.5
Linux kernel 2.6.16.8
Linux kernel 2.6.17
Linux kernel 2.6.17 -rc5
Linux kernel 2.6.17 .8
Linux kernel 2.6.17.1
Linux kernel 2.6.17.10
Linux kernel 2.6.17.11
Linux kernel 2.6.17.12
Linux kernel 2.6.17.13
Linux kernel 2.6.17.14
Linux kernel 2.6.17.3
Linux kernel 2.6.17.4
Linux kernel 2.6.17.5
Linux kernel 2.6.17.6
Linux kernel 2.6.17.7
Linux kernel 2.6.17.9
Linux kernel 2.6.18
Linux kernel 2.6.18 .1
Linux kernel 2.6.18.3
Linux kernel 2.6.18.4
Linux kernel 2.6.19 -rc1
Linux kernel 2.6.19 -rc2
Linux kernel 2.6.19 -rc3
Linux kernel 2.6.19 -rc4
Linux kernel 2.6.19.1
Linux kernel 2.6.19.1
Linux kernel 2.6.19.2
Linux kernel 2.6.2
Linux kernel 2.6.20
Linux kernel 2.6.20-rc2
Linux kernel 2.6.3
Linux kernel 2.6.4
Linux kernel 2.6.5
Linux kernel 2.6.6
Linux kernel 2.6.6 rc1
Linux kernel 2.6.7
Linux kernel 2.6.7 rc1
Linux kernel 2.6.8
Linux kernel 2.6.8 rc1
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8.1
Linux kernel 2.6.9
MandrakeSoft Corporate Server 4.0
MandrakeSoft Corporate Server 4.0.0 x86_64
MandrakeSoft Linux Mandrake 2006.0.0
MandrakeSoft Linux Mandrake 2006.0.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Linux Mandrake 2007.0 x86_64
Pardus Linux 2007.1
RedHat Desktop 4.0.0
RedHat Enterprise Linux 5 server
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4
RedHat Fedora Core2
RedHat Fedora Core3
RedHat Fedora Core4
RedHat Fedora Core5
RedHat Fedora Core6
S.u.S.E. Linux 10.0 ppc
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Personal 9.1.0
S.u.S.E. Linux Personal 9.1.0 x86_64
S.u.S.E. Linux Personal 9.2.0
S.u.S.E. Linux Personal 9.2.0 x86_64
S.u.S.E. openSUSE 10.2
Trustix Secure Enterprise Linux 2.0.0
Trustix Secure Linux 2.0.0
Trustix Secure Linux 2.1.0
Trustix Secure Linux 2.2.0
Trustix Secure Linux 3.0.0
Ubuntu Ubuntu Linux 4.1.0 ia32
Ubuntu Ubuntu Linux 4.1.0 ia64
Ubuntu Ubuntu Linux 4.1.0 ppc
Ubuntu Ubuntu Linux 5.0.0 4 amd64
Ubuntu Ubuntu Linux 5.0.0 4 i386
Ubuntu Ubuntu Linux 5.0.0 4 powerpc
Ubuntu Ubuntu Linux 6.06 LTS amd64
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 sparc
rPath rPath Linux 1

References:

Avaya: ASA-2007-115 kernel security update (RHSA-2007-0085)
David Howells: Bugzilla Bug 7727
Linux: Linux Kernel Homepage
Red Hat: RHSA-2007:0085-2 - kernel security update
Red Hat: RHSA-2007:0099-2 kernel security and bug fix update

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.

J-Security Center

Title: Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability

Severity: LOW

Description:

Affected Products:

References: