CERT-MU Vulnerability Note VN-2010-4
Novell eDirectory eMBox SOAP Request Denial of Service Vulnerability
Original Issue Date: February 18, 2010
Severity Rating: Low
Systems Affected
- Linux Kernel versions prior to 2.6.33-rc7
Overview
A vulnerability has been reported in Linux Kernel, which could be exploited by local attackers to gain knowledge of sensitive information or cause a denial of service(DoS) condition.
Description
This vulnerability is caused by an error in the "do_pages_move()" [mm/migrate.c] function failing to explicitly test node values read from user-space. An attacker could exploit this vulnerability by using a large value or a negative value , to obtain sensitive information or to panic a vulnerable system, resulting in a denial of service (DoS) condition.
Solution
Upgrade to version 2.6.33-rc7 :
http://www.kernel.org/
Vendor Information
kernel.org
http://www.kernel.org/
References
kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7
Secunia
http://secunia.com/advisories/38502/
VUPEN Security
http://www.vupen.com/english/advisories/2010/0329
SecurityTracker
http://securitytracker.com/alerts/2010/Feb/1023554.html
CVE Name
CVE-2010-0415
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|
