CVE-2005-2098
Vulnerability Summary
Timeline
Description
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM.
CVSS Metrics
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 3.01%• Percentile: 87%
Affected Systems
- linux•linux_kernel
2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.8.1 | 2.6.8.1.5 | 2.6.9:2.6.20 | 2.6.10 | 2.6.10:rc2 | 2.6.11 | 2.6.11:rc2 | 2.6.11:rc3 | 2.6.11:rc4 | 2.6.11.1 | 2.6.11.2 | 2.6.11.3 | 2.6.11.4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11_rc1_bk6 | 2.6.12:rc1 | 2.6.12:rc4 | 2.6_test9_cvs
References (9)
- https://usn.ubuntu.com/169-1/
- http://www.securityfocus.com/bid/14521
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
- http://secunia.com/advisories/17073
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9638
- http://www.redhat.com/support/errata/RHSA-2005-514.html
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- http://www.securityfocus.com/archive/1/427980/100/0/threaded
- http://secunia.com/advisories/16355/