177498 – CVE-2006-0035 netlink DoS

Bug 177498 - CVE-2006-0035 netlink DoS

Summary: CVE-2006-0035 netlink DoS

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Thomas Graf
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	reported=20060109,public=2006010:2102...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-01-11 10:24 UTC by Mark J. Cox
Modified:	2014-06-18 08:28 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-01-13 22:40:16 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 1 Mark J. Cox 2006-01-11 10:25:32 UTC

NOTE: We have not verified if this issue affects RHEL3.

+++ This bug was initially created as a clone of Bug #177496 +++

A netlink message with nlmsg_len set to 0 can cause an infinite loop holding the
netlink semaphore therefore allowing a local unprivileged DoS.

Here is the upstream fix for this issue:

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf526718862196

Comment 2 Thomas Graf 2006-01-13 22:40:16 UTC

RHEL3 is not affected, the bug was introduced in a cleanup that never made it
into RHEL3.

Note You need to log in before you can comment on or make changes to this bug.