Bug 121930 (CVE-2005-3119)

Summary: VUL-0: CVE-2005-3119: kernel: plug request_key_auth memleak
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: patch-request, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-3119: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Biege 2005-10-10 10:22:20 UTC 
Here we go...


To: vendor-sec@lst.de
User-Agent: Mutt/1.5.6i
Subject: [vendor-sec] [Fwd: [PATCH] key: plug request_key_auth memleak]
Errors-To: vendor-sec-admin@lst.de
Date: Fri, 7 Oct 2005 15:42:00 -0700

Possible memleak if CONFIG_KEYS is enabled.  No embargo plan.  Will go
into next -stable.  Hasn't hit upstream yet AFAICT.

----- Forwarded message from David Howells <dhowells@redhat.com> -----

From: David Howells <dhowells@redhat.com>
To: torvalds@osdl.org, akpm@osdl.org
X-Mailer: MH-E 7.84; nmh 1.1; GNU Emacs 22.0.50.1
Date: Fri, 07 Oct 2005 15:01:09 +0100
Cc: security@kernel.org
Subject: [Security] [PATCH] key: plug request_key_auth memleak


Plug request_key_auth memleak.  This can be triggered by unprivileged
users, so is local DoS.

Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-Off-By: David Howells <dhowells@redhat.com>
---
 security/keys/request_key_auth.c |    1 +
 1 files changed, 1 insertion(+)

Index: linus-2.6/security/keys/request_key_auth.c
===================================================================
--- linus-2.6.orig/security/keys/request_key_auth.c
+++ linus-2.6/security/keys/request_key_auth.c
@@ -96,6 +96,7 @@ static void request_key_auth_destroy(str
        kenter("{%d}", key->serial);

        key_put(rka->target_key);
+       kfree(rka);

 } /* end request_key_auth_destroy() */


_______________________________________________
Comment 1 Thomas Biege 2005-10-10 10:22:29 UTC 
CAN-2005-3119
Comment 2 Marcus Meissner 2005-10-10 14:05:46 UTC 
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=74fd92c511bd4a0771ac0faaaef38bb1be3a29f6  
  
... not enabled in our kernels. 
 
so not affected.
Comment 3 Marcus Meissner 2005-11-25 12:20:38 UTC 
from security internal -> novell internal
Comment 4 Marcus Meissner 2006-06-19 19:22:35 UTC 
bothing hidden in here.
Comment 5 Thomas Biege 2009-10-13 21:41:07 UTC 
CVE-2005-3119: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)