|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Linux kernel: denial of service via /proc/net/udp
Synthesis of the vulnerability
An attacker can read from /proc/net/udp in order to stop the system.
Vulnerable products: Linux.
Severity of this weakness: 1/4.
Consequences of a hack: denial of service on server.
Hacker's origin: user shell.
Creation date: 01/04/2009.
Références of this bulletin: BID-34329, BID-34333, CVE-2009-1243, VIGILANCE-VUL-8586.
Description of the vulnerability
The /proc/net/udp pseudo file indicates the list of listening UDP services or established UDP sessions (its content is equivalent to "netstat -aun").
To handle the various simultaneous access to this file, the kernel uses a lock. When the user requests a read() on this file, the kernel locks the access, sends the data, and unlock the access.
If the user requests a read() of zero byte on this file, the kernel does not need to lock the access. However, at the end of the call, it tries to unlock a lock which is not locked. This error stops the kernel.
An attacker can therefore read from /proc/net/udp in order to stop the system.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a network vulnerability patch. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.