VulDB: Linux Kernel cred.c copy_creds() denial of service
General

scipID: 5656
Affected: Linux Kernel
Published: 07/10/2012
Risk: problematic
Entry: 85.3% complete
Created: 07/19/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic has been found in the Linux Kernel. It affects the function copy_creds() of the file cred.c. Manipulation with an unknown input leads to a denial of service. The known impact is on availability.
The weakness was disclosed on 07/10/2012 with Beyond Security’s SecuriTeam Secure Disclosure as advisory RHSA-2012:1064-2 (Red Hat Security Advisory). The advisory is available for download at rhn.redhat.com. The vulnerability has been identified as CVE-2012-2745 since 05/14/2012. The attack can be initiated remotely. No form of authentication is required for successful exploitation. Technical details are known, but no exploit is available.
Applying a patch eliminates this problem. The bugfix is available for download at rhn.redhat.com. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (83666) and Secunia (SA49778).
CVSS
Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | None | None | None | Complete |
Exploiting
Class: Denial of service
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: rhn.redhat.com
Timeline
05/14/2012 | CVE assigned
07/10/2012 | Advisory disclosed
07/10/2012 | Countermeasure disclosed
07/10/2012 | OSVDB entry created
07/19/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: RHSA-2012:1064-2
Company: Beyond Security’s SecuriTeam Secure Disclosure
OSVDB: 83666
CVE: CVE-2012-2745 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49778