Re: Three more security problems in the 2.6 kernel
Moritz Muehlenhoff wrote:
> Hi Horms / security team,
> I found three more security related reports/patches on linux-kernel.
>
> Cheers,
> Moritz
>
> From: David Howells <dhowells@redhat.com>
>
> Plug request_key_auth memleak. This can be triggered by unprivileged
> users, so is local DoS.
>
> Signed-off-by: Chris Wright <chrisw@osdl.org>
> Signed-Off-By: David Howells <dhowells@redhat.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
> ---
> security/keys/request_key_auth.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --- linux-2.6.13.y.orig/security/keys/request_key_auth.c
> +++ linux-2.6.13.y/security/keys/request_key_auth.c
> @@ -96,6 +96,7 @@ static void request_key_auth_destroy(str
> kenter("{%d}", key->serial);
>
> key_put(rka->target_key);
> + kfree(rka);
>
> } /* end request_key_auth_destroy() */
This is CAN-2005-3119 and... uh... not supposed to be public yet...
Regards,
Joey
--
Life is too short to run proprietary software. -- Bdale Garbee
Reply to: