On Mon, Oct 10, 2005 at 09:45:01PM +0200, Moritz Muehlenhoff wrote: > Hi, > I found this in an Ubuntu advisory, no CVE assignment seems yet to have > been made. > > Robert Derr discovered a memory leak in the system call auditing code. > On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this > leads to memory exhaustion and eventually a Denial of Service. A local > attacker could also speed this up by excessively calling system calls. > This only affects customized kernels built from the kernel source > packages. The standard Ubuntu kernel does not have the > CONFIG_AUDITSYSCALL option enabled, and is therefore not affected by > this. > (http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23)
Thanks, I have put that in here for now http://svn.debian.org/wsvn/kernel/people/horms/patch_notes/misc/auditsyscall_leak?op=file&rev=0&sc=0 -- Horms _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
