Multiple Local Vulnerabilities in Linux Kernel

vendor:

Linux Kernel

by:

7.5

CVSS

HIGH

Denial-of-Service, Memory Disclosure

20, 125

CWE

Product Name: Linux Kernel

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Linux

Multiple Local Vulnerabilities in Linux Kernel

A handcrafted 'a.out' file can trigger a local denial-of-service condition, potentially resulting in a kernel panic. A memory-disclosure vulnerability affects only SMP computers with more than 4GB of memory, allowing a local attacker to access random pages of physical memory. Executing a specially crafted file results in a kernel oops and consuming file descriptors and memory.

Mitigation:

Apply patches and updates from the Linux kernel vendor. Avoid executing untrusted files.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11754/info

The Linux kernel is reported prone to multiple local vulnerabilities:

- A handcrafted 'a.out' file may be used to trigger a local denial-of-service condition. A local attacker may exploit this vulnerability to trigger a system-wide denial of service, potentially resulting in a kernel panic. 

- A memory-disclosure vulnerability reportedly affects only SMP computers with more than 4GB of memory. A local attacker may exploit this vulnerability to access random pages of physical memory.

perl -e'print"\x07\x01".("\x00"x13)."\xc0".("\x00"x16)' > eout 

Executing the resulting 'eout' file reportedly results in a kernel oops. Repeatedly running the resulting file will consume file descriptors and memory.