CVE-2010-2960

Priority
Medium
Description
The keyctl_session_to_parent function in security/keys/keyctl.c in the
Linux kernel 2.6.35.4 and earlier expects that a certain parent session
keyring exists, which allows local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.
Ubuntu-Description
Tavis Ormandy discovered that the session keyring did not correctly check
for its parent. On systems without a default session keyring, a local
attacker could exploit this to crash the system, leading to a denial of
service.
References
Notes
kees> system crash without pam_keyinit
Assigned-to
sconklin
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-309.18)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-216.33)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.35-25.44~lucid1)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-25.45)
Ubuntu 11.04 (Natty Narwhal):not-affected
Patches:
upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=9d1ac65a9698513d00e5608d93fca0c53f536c14
upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=3d96406c7da1ed5811ea52a3b0905f4f0e295376
Lucid:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2960/patches/lucid/linux/0001-KEYS-Fix-RCU-no-lock-warning-in-keyctl_session_to_pare.txt
Lucid:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2960/patches/lucid/linux/0002-KEYS-Fix-bug-in-keyctl_session_to_parent-if-parent-has.txt
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:15 UTC (commit 5347)