| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability CVE-2010-0410
Linux kernel: denial of service via connector
Synthesis of the vulnerability
| A local attacker can force the connector driver to use all system memory, which halts the system. |
Severity: 1/4.
Creation date: 03/02/2010.
|
Description of the vulnerability
Sockets of type NETLINK are used to exchange messages between the user and the kernel.
The connector driver is based on the NETLINK_CONNECTOR family, and implements a queue and a notification system.
However, a local attacker can send several NETLINK_CONNECTOR messages, in order to progressively use all kernel memory.
A local attacker can thus generate a denial of service. |
Complete Vigil@nce bulletin
Characteristics
Title: Linux kernel: denial of service via connector.
Keywords: Linux NETLINK NETLINK_CONNECTOR connector denial kernel service.
Identifiers: BID-38058, CVE-2010-0410, DSA-1996-1, DSA 2003-1, DSA 2004-1, FEDORA-2010-1787, FEDORA-2010-1804, MDVSA-2010:088, RHSA-2010:0161-01, RHSA-2010:0398-01, SUSE-SA:2010:014, SUSE-SA:2010:016, SUSE-SA:2010:018, SUSE-SA:2010:019, SUSE-SA:2010:023, VIGILANCE-VUL-9405.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability bulletins
|
