From: "Ware, Ryan R" <ryan.r.ware@intel.com>
To: "meego-security@meego.com" <meego-security@meego.com>
Subject: [MeeGo-security] [MeeGo-SA-10:15.kernel] find_keyring_by_name Can Gain Freed Keyring
Date: Fri, 27 Aug 2010 16:22:36 -0700
Message-ID: <C89D96CC.363B0%ryan.r.ware@intel.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
MeeGo-SA-10:15.kernel                                      Security Advisory
                                                               MeeGo Project
Topic: find_keyring_by_name Can Gain Freed Keyring
Category: Linux Kernel
Module: kernel-netbook
Announced: August 3, 2010
Affects: MeeGo 1.0
Corrected: August 3, 2010
MeeGo BID: 2192
CVE: CVE-2010-1437
For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.
I. Background
From Wikipedia: "The Linux kernel is an operating system kernel used
by the Linux family of Unix-like operating systems. It is one of the
most prominent examples of free and open source software."
II. Problem Description
Race condition in the find_keyring_by_name function in
security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier
allows local users to cause a denial of service (memory corruption and
system crash) or possibly have unspecified other impact via keyctl
session commands that trigger access to a dead keyring that is
undergoing deletion by the key_cleanup function.
CVSS v2 Base: 1.9 (LOW)
Access Vector: Locally Exploitable
III. Impact
Potential access to dead keyring because of race condition (CWE-362)
IV. Workaround
None
V. Solution
Update to package kernel-netbook-2.6.33.5-24.1 or later.
VI. References
http://bugs.meego.com/show_bug.cgi?id=2192
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/362.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (Darwin)
-----END PGP SIGNATURE-----
_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
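The lookup-versus-teardown race described in section II, as an added user-space model in C (not kernel code and not part of the advisory). The struct, the function names and the keyring name "sess" are constructed for illustration; the model fixes the interleaving at the point where the last reference is gone but the entry is still on the name list, and contrasts a lookup that always increments the count with one that takes a reference only while the count is nonzero.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* User-space model (assumption): usage == 0 means "dead, awaiting cleanup". */
struct keyring { const char *name; atomic_int usage; struct keyring *next; };

/* Racy pattern: takes a reference on any name match, so a keyring whose
 * last reference is already gone is revived and handed to the caller. */
static struct keyring *find_unsafe(struct keyring *list, const char *name) {
    for (struct keyring *k = list; k; k = k->next)
        if (strcmp(k->name, name) == 0) {
            atomic_fetch_add(&k->usage, 1);
            return k;
        }
    return NULL;
}

/* Take a reference only while the count is still nonzero. */
static bool get_unless_zero(atomic_int *v) {
    int old = atomic_load(v);
    while (old != 0)
        if (atomic_compare_exchange_weak(v, &old, old + 1))
            return true;   /* on failure 'old' is reloaded and re-checked */
    return false;
}

/* Hardened pattern: a dead entry is skipped and the search continues. */
static struct keyring *find_safe(struct keyring *list, const char *name) {
    for (struct keyring *k = list; k; k = k->next)
        if (strcmp(k->name, name) == 0 && get_unless_zero(&k->usage))
            return k;
    return NULL;
}

/* Constructed scenario: a dead keyring is still linked ahead of a live one
 * with the same name. Returns 1 if the lookup handed back the dead one. */
static int lookup_returns_dead(bool safe) {
    struct keyring live, dead;
    live.name = "sess"; live.next = NULL;  atomic_init(&live.usage, 1);
    dead.name = "sess"; dead.next = &live; atomic_init(&dead.usage, 0);
    struct keyring *k = (safe ? find_safe : find_unsafe)(&dead, "sess");
    return k == &dead;
}

int main(void) {
    printf("unsafe=%d safe=%d\n", lookup_returns_dead(false), lookup_returns_dead(true));
    return 0;
}
```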