CVE-2005-3807

Linux Kernel 2.6.10-2.6.15 - Denial of Service via VFS File Lease Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3807. PoCs published by J. Bruce Fields.

AI-analyzed exploit summary This exploit demonstrates a local denial-of-service vulnerability in the Linux kernel by repeatedly setting and releasing file-lock leases, causing excessive kernel memory consumption. The issue stems from a memory leak in the kernel's file-lock lease code.

Description

Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by J. Bruce Fields · cdoslinux

https://www.exploit-db.com/exploits/26749

View Code ZIP pw:eip

This exploit demonstrates a local denial-of-service vulnerability in the Linux kernel by repeatedly setting and releasing file-lock leases, causing excessive kernel memory consumption. The issue stems from a memory leak in the kernel's file-lock lease code.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel versions 2.6.10 through 2.6.14.2

No auth needed

Prerequisites: Local access to the target system

MITRE ATT&CK