The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: denial of service via /proc next_pidmap

Synthesis of the vulnerability 

An attacker can access to the /proc directory, in order to stop the Linux kernel.
Impacted systems: Debian, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX.
Severity of this alert: 1/4.
Creation date: 19/04/2011.
Références of this alert: BID-47497, CVE-2011-1593, DSA-2240-1, DSA-2264-1, openSUSE-SU-2011:0860-1, openSUSE-SU-2011:0861-1, openSUSE-SU-2013:0927-1, RHSA-2011:0927-01, RHSA-2011:1189-01, RHSA-2011:1253-01, SUSE-SA:2011:027, SUSE-SA:2011:031, SUSE-SA:2011:034, SUSE-SU-2011:0711-1, SUSE-SU-2011:0737-1, SUSE-SU-2011:0832-1, SUSE-SU-2011:0899-1, SUSE-SU-2011:1150-1, VIGILANCE-VUL-10577.

Description of the vulnerability 

The /proc virtual directory contains information on processes.

The getdents() (get directory entries) system call obtains the list of files of a directory. The lseek() call is used to change the current position in a file.

If an attacker opens the /proc directory, then moves with lseek(), then calls getdents(), the next_pidmap() function of the kernel/pid.c file obtains a pid (process number) which is too large. A fatal error then occurs in find_ge_pid().

A local attacker can therefore access to the /proc directory, in order to stop the Linux kernel.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability note impacts software or systems such as Debian, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX.

Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer threat note.

Solutions for this threat 

Linux kernel: version 2.6.39.
The version 2.6.39 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: version 2.6.38.4.
The version 2.6.38.4 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: version 2.6.35.13.
The version 2.6.35.13 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/

Linux kernel: version 2.6.32.39.
The version 2.6.32.39 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/

Linux kernel: version 2.6.33.12.
The version 2.6.33.12 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/

Linux kernel: version 2.6.27.59.
The version 2.6.27.59 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.27/

Linux kernel: patch for /proc next_pidmap.
Two patches are available in information sources.

Debian: new linux-2.6 packages (20/06/2011).
New packages are available:
  linux-2.6 2.6.26-26lenny3

Debian: new linux-2.6 packages (25/05/2011).
New packages are available:
  linux-2.6 2.6.32-34squeeze1

openSUSE 11.3: new kernel packages.
New packages are available:
  kernel-*-2.6.34.10-0.2.1

openSUSE 11.4: new kernel-3.0.58 packages (10/06/2013).
New packages are available:
  kernel-3.0.58-30.2

openSUSE 11.4: new kernel packages (02/08/2011).
New packages are available:
  kernel-*-2.6.37.6-0.7.1

RHEL 5: new kernel packages.
New packages are available:
  kernel-2.6.18-238.19.1.el5

RHEL 6 MRG: new kernel-rt packages.
New packages are available:
MRG Realtime for RHEL 6 Server : kernel-rt-*-2.6.33.9-rt31.75.el6rt

RHEL 6: new kernel packages (23/08/2011).
New packages are available:
  kernel-2.6.32-131.12.1.el6

SUSE LE 10 SP3: new kernel packages (29/06/2011).
New packages are available:
  kernel-*-2.6.16.60-0.81.2

SUSE LE 10 SP4: new kernel packages (12/08/2011).
New packages are available, as indicated in information sources.

SUSE LE 11: new kernel packages.
New packages are available, as indicated in information sources.

SUSE LE Real Time 11: new kernel-rt packages.
New packages are available:
  kernel-rt-2.6.33.18-0.3.1

VMware ESX 4.1: patch ESX410-201201001.
A patch is available:
  ESX410-201201001
  http://downloads.vmware.com/go/selfsupport-download
  http://kb.vmware.com/kb/2009142
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides system vulnerability announces. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.