The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: denial of service of qdisc_run

Summary of the vulnerability

A local attacker can generate a high network load in order to lock the system in __qdisc_run().
Vulnerable software: Debian, Linux, RHEL.
Severity of this announcement: 1/4.
Creation date: 23/12/2008.
References for this vulnerability: 477744, BID-32985, CVE-2008-5713, DSA-1794-1, RHSA-2009:0264-01, VIGILANCE-VUL-8353.

Description of the vulnerability 

The __qdisc_run() function of net/sched/sch_generic.c schedules the output of packets.

When a user sends a lot of packets, the kernel never leaves this function. Other system operations are therefore always postponed.

A local attacker can thus generate a high network load in order to lock the system in __qdisc_run().
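The behaviour described above can be modelled in user space. The following is an added illustration, not kernel code and not the patch referenced in this bulletin: `struct txq`, `dequeue_one`, `drain_unbounded` and `drain_bounded` are hypothetical names, and the work budget is an assumed mitigation shape shown only to contrast a loop that exits solely on an empty queue with one that yields.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model, not kernel code: a transmit queue refilled while drained. */
struct txq {
    unsigned long backlog; /* packets waiting */
    unsigned long refill;  /* packets the sender adds per packet sent */
};

/* Send one packet; a busy sender tops the queue up again. */
static bool dequeue_one(struct txq *q)
{
    if (q->backlog == 0)
        return false;
    q->backlog = q->backlog - 1 + q->refill;
    return true;
}

/* Only exit is "queue empty"; guard exists so the simulation terminates. */
unsigned long drain_unbounded(struct txq *q, unsigned long guard)
{
    unsigned long n = 0;
    while (n < guard && dequeue_one(q))
        n++;
    return n;
}

/* Assumed mitigation shape: stop after budget packets and ask to be rescheduled. */
unsigned long drain_bounded(struct txq *q, unsigned long budget, bool *resched)
{
    unsigned long n = 0;
    *resched = false;
    while (dequeue_one(q)) {
        if (++n >= budget) {
            *resched = (q->backlog != 0);
            break;
        }
    }
    return n;
}

int main(void)
{
    struct txq a = { 8, 1 }, b = { 8, 1 };
    bool resched;
    unsigned long spun = drain_unbounded(&a, 1000000UL);
    unsigned long sent = drain_bounded(&b, 64, &resched);
    printf("unbounded: %lu (guard hit), bounded: %lu resched=%d\n", spun, sent, resched);
    return 0;
}
```

With a refill rate of one packet per packet sent, the unbounded loop consumes every iteration it is allowed and the backlog never shrinks, while the bounded loop returns after its budget with work still pending.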

This cybersecurity bulletin impacts software or systems such as Debian, Linux, RHEL.

Our Vigil@nce team determined that the severity of this cybersecurity weakness is low.

The trust level is "confirmed by the editor", and the attack origin is a user account.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this vulnerability.

Solutions for this threat 

Linux kernel: version 2.6.24.5.
Version 2.6.24.5 is fixed:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: patch for qdisc_run.
A patch is available.

Debian 4: new linux-2.6 packages.
New packages are available:
  http://security.debian.org/pool/updates/main/l/linux-2.6/*_2.6.18.dfsg.1-24etch1_*.deb

RHEL 5: new kernel packages.
New packages are available:
  kernel-2.6.18-128.1.1.el5
