PT-2002-2684 · Linux · Linux Kernel

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-1963

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.4.1 through 2.4.19

Description

The issue allows local users to cause a denial of service, specifically resource exhaustion, by opening a certain number of setuid binaries. This occurs because the Linux kernel sets a limit of 10 files for root's NR_RESERVED_FILES, which can be exhausted by opening 10 setuid binaries.

Recommendations

For Linux kernel versions 2.4.1 through 2.4.19, consider restricting access to setuid binaries to minimize the risk of exploitation. As a temporary workaround, limit the number of setuid binaries that can be opened by a local user to prevent resource exhaustion.


Related Identifiers

CVE-2002-1963

Affected Products

Linux Kernel