Bug#287769: kernel-image-2.4.27-i386: CAN-2004-1016: flaw in the scm_send function

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#287769: kernel-image-2.4.27-i386: CAN-2004-1016: flaw in the scm_send function
From: Finn-Arne Johansen <faj@bzz.no>
Date: Wed, 29 Dec 2004 23:53:34 +0100
Message-id: <[🔎] E1CjmhD-0007aj-0p@fajx300.bzzware.org>
Reply-to: Finn-Arne Johansen <faj@bzz.no>, 287769@bugs.debian.org

Package: kernel-image-2.4.27-i386
Severity: normal

Petter Reinholdsen (pere) forwarded some issues regarding the
RHEL kernels, and I've found that at least 2 of them affects
kernel-image-2.4.27-i386


> ISEC security research and Georgi Guninski independantly discovered a
> flaw in the scm_send function in the auxiliary message layer. A local
> user could create a carefully crafted auxiliary message which could
> cause a denial of service (system hang). The Common Vulnerabilities
> and Exposures project (cve.mitre.org) has assigned the name
> CAN-2004-1016 to this issue.

I ran the code on a sarge installation - as root, and effectivly hang
the installation. This was a 386-kernel. Retried as a normal user,
using a 686-smp kernel, and it hang one CPU effectivly 100%. NOt even
possible to kill with 'kill -9 <PID>'

Reply to:

Follow-Ups:
- Bug#287769: kernel-image-2.4.27-i386: CAN-2004-1016: flaw in the scm_send function
  - From: Martin Michlmayr <tbm@cyrius.com>

Prev by Date: kernel-patch-powerpc-2.6.9_2.6.9-2_powerpc.changes UNACCEPT
Next by Date: Bug#287770: CAN-2004-1137: allow a local user to cause a denial of service
Previous by thread: Re: How can I make a kernel package that is _identical_ to those available for download?
Next by thread: Bug#287769: kernel-image-2.4.27-i386: CAN-2004-1016: flaw in the scm_send function
Index(es):
- Date
- Thread