CVE-2010-1437 – Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption

https://notcve.org/view.php?id=CVE-2010-1437

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. Condición de carrera en la función find_keyring_by_name en security/keys/keyring.c el el kernel de Linux v2.6.34-rc5 y anteriores, permite usuarios locales provocar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente tener otros impactos, mediante comandos de sesión "keyctl" que provocan el acceso a una secuencia de pulsaciones en desuso que está bajo un borrado en la función key_cleanup. • https://www.exploit-db.com/exploits/33886 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://marc.info/?l=linux-kernel&m=127192182917857&w=2 http://marc.info/?l=linux-kernel&m=127274294622730&w=2 http://marc.info/?l=linux-kernel&m=127292492727029&w=2 http://secunia.com/advisories/39830 http://secunia.com/advisories/40218 http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •