The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: denial of service via lsof

Synthesis of the vulnerability 

A local attacker can halt the system by calling lsof.
Vulnerable products: Linux, lsof, RHEL.
Severity of this weakness: 1/4.
Creation date: 30/05/2006.
References of this bulletin: 189031, 189260, CVE-2006-1862, RHSA-2006:049, RHSA-2006:0493-01, VIGILANCE-VUL-5880.

Description of the vulnerability 

The lsof command obtains information about resources in use.

However, due to a virtual memory management error, an attacker can call lsof several thousand times to stop the kernel.

This vulnerability therefore permits a local attacker to conduct a denial of service.

This weakness alert impacts software or systems such as Linux, lsof, RHEL.

Our Vigil@nce team determined that the severity of this computer vulnerability note is low.

The trust level is "confirmed by the editor", and the attack origin is a user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit the vulnerability described in this security bulletin.

Solutions for this threat 

RHEL: new kernel packages.
New packages are available:
Red Hat Enterprise Linux version 4: kernel-2.6.9-34.0.1.EL
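
To check a host against the fixed package listed above, the running kernel release can be compared with 2.6.9-34.0.1.EL. The script below is an added example, not part of the bulletin or of any Red Hat tooling; the function names are hypothetical, and it assumes RHEL 4 release strings as printed by `uname -r`, for example `2.6.9-34.0.1.ELsmp`.

```shell
#!/bin/sh
# Fixed RHEL 4 kernel named in the bulletin; the only value taken from the page.
FIXED_RELEASE="2.6.9-34.0.1.EL"

# "2.6.9-34.0.1.ELsmp" -> "2 6 9 34 0 1": drop ".EL" and any variant
# suffix (smp, hugemem, ...), then split the rest on '.' and '-'.
release_fields() {
    printf '%s\n' "${1%%.EL*}" | tr '.-' '  '
}

# Prints one of: fixed-or-newer | older-than-fix | not-rhel4
check_rhel4_kernel() {
    # Only RHEL 4 style 2.6.9 releases are comparable to the fixed package.
    case "$1" in
        2.6.9-[0-9]*.EL*) ;;
        *) echo "not-rhel4"; return 0 ;;
    esac
    # Reject anything that is not purely numeric fields before ".EL".
    case "${1%%.EL*}" in
        *[!0-9.-]*) echo "not-rhel4"; return 0 ;;
    esac
    have=$(release_fields "$1")
    want=$(release_fields "$FIXED_RELEASE")
    # Compare field by field; a field missing from the host release counts as 0.
    set -- $have
    for w in $want; do
        h=${1:-0}
        if [ $# -gt 0 ]; then shift; fi
        if [ "$h" -gt "$w" ]; then echo "fixed-or-newer"; return 0; fi
        if [ "$h" -lt "$w" ]; then echo "older-than-fix"; return 0; fi
    done
    echo "fixed-or-newer"
}

# Check the release given as the first argument, or the running kernel.
check_rhel4_kernel "${1:-$(uname -r)}"
```

A result of `older-than-fix` means the kernel predates the fixed package and should be updated; `not-rhel4` means the comparison does not apply to that host.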