113323 – Kernel: Local DoS through exec() POSIX timers (CVE-2005-3271)

Bug 113323 - Kernel: Local DoS through exec() POSIX timers (CVE-2005-3271)

Summary: Kernel: Local DoS through exec() POSIX timers (CVE-2005-3271)

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Duplicates (1):	113502 (view as bug list)
Depends on:
Blocks:

Reported:	2005-11-23 02:02 UTC by Thierry Carrez (RETIRED)
Modified:	2005-11-26 09:12 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-11-23 02:02:06 UTC

In Ubuntu's USN-219-1:

A resource leak has been discovered in the handling of POSIX timers in
the exec() function. This could be exploited to a Denial of Service
attack by a group of local users. This vulnerability only affects
Ubuntu 4.10. (CVE-2005-3271)

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-11-25 12:52:38 UTC

*** Bug 113502 has been marked as a duplicate of this bug. ***

Comment 2 Tim Yamin (RETIRED) gentoo-dev

2005-11-26 09:12:08 UTC

Non-issue, this affects < 2.6.11 at the very minimum if not older than that
(patch is from 2004).