October 7, 2006

Linux Kernel "sys_perfmon()" and "clip_mkip()" Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2006-3937
CVE ID : CVE-2006-3741 - CVE-2006-4997
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-10-06

Technical Description

Two vulnerabilities have been identified in Linux Kernel, which could be exploited by attackers to cause a denial of service.

The first issue is due to an error in the "sys_perfmon()" [arch/ia64/kernel/perfmon.c] function that does not properly decrement the file descriptor reference count, which could be exploited by remote attackers to exhaust all available resources, creating a denial of service condition.

The second flaw is due to an error in the "clip_mkip()" [net/atm/clip.c] function that erroneously dereferences "skb->dev" after "clip_push()", which could be exploited to panic a vulnerable system.

Link: FrSIRT

Click Here!