Vulnerability Description
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.0 |
References
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- http://secunia.com/advisories/16355/PatchVendor Advisory
- http://secunia.com/advisories/17073
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
- http://www.redhat.com/support/errata/RHSA-2005-514.html
- http://www.securityfocus.com/archive/1/427980/100/0/threaded
- http://www.securityfocus.com/bid/14521
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://usn.ubuntu.com/169-1/
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- http://secunia.com/advisories/16355/PatchVendor Advisory
- http://secunia.com/advisories/17073
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
- http://www.redhat.com/support/errata/RHSA-2005-514.html
- http://www.securityfocus.com/archive/1/427980/100/0/threaded
FAQ
What is CVE-2005-2098?
CVE-2005-2098 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote...
How severe is CVE-2005-2098?
CVE-2005-2098 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2098?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.