{"vuid":"VU#245984","idnumber":"245984","name":"The Red Hat Enterprise Linux 3 SMP Kernel fails to properly handle IPC shared-memory","keywords":["Red Hat","Enterprise Linux 3","DoS","Denial of service","SMP","Kernel","shmat","shm","shmctl","IPC_RMID","spinlock","IPC shared-memory implementation"],"overview":"The Red Hat Enterprise Linux 3 SMP Kernel may allow an authenticated attacker to cause a denial-of-service condition with specially crafted IPC shared-memory functions.","clean_desc":"Inter-Process Communication (IPC) shared-memory is a method of passing data between programs used by the Red Hat Enterprise Linux 3 SMP Kernel. The shmat() function is used to attach shared memory segments to data segments of calling processes and the shmctl() function can be used to remove the shared memory segment. When these functions are run simultaneously, controls set by shmat() that limit access to areas of IPC shared-memory may not be properly removed before the shared-memory is removed by shmctl(). This could cause a deadlock condition where shmat() is left waiting indefinitely to remove shared-memory access controls.","impact":"An authenticated local attacker may be able to cause the system to freeze due to a deadlock condition, resulting in a denial of service.","resolution":"Upgrade or apply a patch\nPatches have been released to address this issue. Refer to Red Hat Security Advisory RHSA-2006:0710. Users who compile the kernel from source are encouraged to update to the most recent version.","workarounds":"","sysaffected":"","thanks":"This issue was reported in \nRed Hat Security Advisory RHSA-2006:0710-01","author":"This document was written by Chris Taschner.","public":["https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205618","http://www.redhat.com/support/errata/RHSA-2006-0710.html","http://secunia.com/advisories/22497"],"cveids":["CVE-2006-4342"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-10-26T16:26:10Z","publicdate":"2006-10-19T00:00:00Z","datefirstpublished":"2006-11-06T18:17:20Z","dateupdated":"2006-11-16T16:30:34Z","revision":14,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"10","cam_impact":"3","cam_easeofexploitation":"3","cam_attackeraccessrequired":"1","cam_scorecurrent":"0.0320625","cam_scorecurrentwidelyknown":"0.0405","cam_scorecurrentwidelyknownexploited":"0.07425","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0320625,"vulnote":null}