Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption

Author: Toshiyuki Okajima
type: dos
platform: linux
port: 
date_added: 2010-04-27  
date_updated: 2014-06-27  
verified: 1  
codes: CVE-2010-1437;OSVDB-64549  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 33886.txt  

source: https://www.securityfocus.com/bid/39719/info

The Linux kernel is prone to a local memory-corruption vulnerability.

Attackers can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

kernel 2.6.34-rc5 is vulnerable.

The following proof-of-concept is available:

for ((i=0; i<100000; i++)); do keyctl session wibble /bin/true || break; done