SecurityTracker: Linux Kernel Directory Notification Subsytem Race Condition Lets Local Users Deny Service and Potentially Gain Elevated Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Linux) > Linux Kernel

Vendors: kernel.org

Linux Kernel Directory Notification Subsytem Race Condition Lets Local Users Deny Service and Potentially Gain Elevated Privileges

SecurityTracker Alert ID: 1019959

SecurityTracker URL: http://securitytracker.com/id/1019959

CVE Reference: CVE-2008-1375 (Links to External Site)

Date: May 2 2008

Impact: Denial of service via local system, Root access via local system, User access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 2.6.25.1

Description: A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. A local user may be able to obtain elevated privileges on the target system.

A local user can exploit a race condition between a fcntl() and a close() function call to send arbitrary signals to arbitrary processes. This may allow the user to gain elevated privileges.

Alexander Viro reported this vulnerability.

Impact: A local user can cause denial of service conditions on the target system.

A local user may be able to obtain elevated privileges on the target system.

Solution: The vendor has issued a fix (2.6.25.1).

The vendor's advisory is available at:

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1

Vendor URL: www.kernel.org/ (Links to External Site)

Cause: State error

Underlying OS:

Message History: This archive entry has one or more follow-up message(s) listed below.

May 7 2008	(Red Hat Issues Fix) Linux Kernel Directory Notification Subsytem Race Condition Lets Local Users Deny Service and Potentially Gain Elevated Privileges (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 3.
May 7 2008	(Red Hat Issues Fix) Linux Kernel Directory Notification Subsytem Race Condition Lets Local Users Deny Service and Potentially Gain Elevated Privileges (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 5.
May 7 2008	(Red Hat Issues Fix) Linux Kernel Directory Notification Subsytem Race Condition Lets Local Users Deny Service and Potentially Gain Elevated Privileges (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 4.
Jul 29 2008	(VMware Issues Fix for ESX Server) Linux Kernel Directory Notification Subsytem Race Condition Lets Local Users Deny Service and Potentially Gain Elevated Privileges (security-announce@lists.vmware.com) VMware has issued a fix for VMware ESX Server 3.5.

Source Message Contents

Date: Fri, 2 May 2008 09:34:07 -0400
Subject: Linux Kernel


http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1

    Fix dnotify/close race (CVE-2008-1375)

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC