Affected Versions:
Linux kernel 2.6.x vulnerability description:
Linux Kernel is the Kernel used by open source Linux.
The release_one_tty () function in the drivers/char/tty_io.c driver of Linux Kernel has the memory leakage vulnerability. Local Users can call release_one_tty () When TTY still references pgrp/session to cause DOS.
<* Reference
Http://secunia.com/advisories/39490/
Http://kerneltrap.org/mailarchive/linux-kernel/2010/3/27/4552426/thread#mid-4552426
*>
Test method:
The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk! (1) navigate to the console.
(2) Try to log on. /Sbin/mingetty will call/bin/login. Terminate the/bin/login process through successful login and logout or login failure. Then/sbin/init will re-generate the/sbin/mingetty process.
(3) log on as root.
(4) Run echo scan>/sys/kernel/debug/kmemleak
(5) Wait for a while.
(6) Run cat/sys/kernel/debug/kmemleakSEBUG Security suggestions:
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.kernel.org /? P = linux/kernel/git/torvalds/linux-2.6.git; a = commitdiff; h = 6da8d866d0d39e9509ff826660f6a86a6757c966