CVE-2009-0859
Published: 9 March 2009
The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.
From the Ubuntu Security Team
The shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| dapper |
Released
(2.6.15-54.76)
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| dapper |
Does not exist
|
|
| gutsy |
Released
(2.6.22-16.62)
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| dapper |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Released
(2.6.24-23.52)
|
|
| intrepid |
Released
(2.6.27-11.31)
|