NetWinder.org - NetWinder security advisory Page

NAVIGATION

About
News
Support

Downloads
- Search
- Mirrors
- Auto update

Documentation
- FAQ
- HOWTOs
- ARM info
- Crusoe info

Development
- Toolchain
- Autobuild
- Users

Sponsored by:

NetWinder security advisory

ID	2000-006
Issued	2000-Mar-23
Updated	2000-Apr-11
Package	kernel
Summary	Denial-of-service in kernel
Category	Denial-of-service
Severity	Medium (local denial-of-service)
Products	Developer dm-3.1-15 and earlier
	OfficeServer os-1.5-4 and earlier

DESCRIPTION

A denial-of-service condition exists in Linux kernels up to and including 2.2.14. The kernel ignores the limits set in "/proc/sys/net/core/vmem_max" and is therefore susceptible to a denial-of-service attack if a local user creates large numbers of unix domain socket connections. Various system functions, including networking and X, may cease to function when the unix domain socket space is exhausted.

SOLUTION

A kernel patch is available from Alan Cox. It will be incorporated into the 2.2.15 linux kernel.

http://www.kernel.org/pub/linux/kernel/people/alan/2.2.15pre/pre-patch-2.2.15-16.gz

REFERENCES

Reported to Bugtraq on March 23, 2000 by Jay Fenlason. http://www.securityfocus.com/vdb/bottom.html?vid=1072