Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability announce CVE-2012-2745

Linux kernel: denial of service via KEYCTL_SESSION_TO_PARENT

Synthesis of the vulnerability

A local attacker can copy his cryptographic keys with KEYCTL_SESSION_TO_PARENT, in order to stop the kernel.
Impacted products: Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Creation date: 10/07/2012.
Identifiers: 833428, BID-54365, CVE-2012-2745, openSUSE-SU-2013:0396-1, RHSA-2012:1064-01, SUSE-SU-2012:1350-1, VIGILANCE-VUL-11752.

Description of the vulnerability

The keyctl KEYCTL_SESSION_TO_PARENT is used by a process to copy its cryptographic keys to his parent process.

However, if a new process is created during this copy, this process obtains invalid keys. The kernel then uses an invalid memory area and stops.

A local attacker can therefore copy his cryptographic keys with KEYCTL_SESSION_TO_PARENT, in order to stop the kernel.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter 

Computer vulnerabilities tracking service

Vigil@nce provides software vulnerability bulletins. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.



















Copyright 1999-2013 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française