Candidate: CVE-2006-7051 References: BUGTRAQ:20060404 Linux Kernel Local DoS vulnerability. URL:http://www.securityfocus.com/archive/1/archive/1/430278/30/5790/threaded MILW0RM:1657 URL:http://www.milw0rm.com/exploits/1657 XF:linux-systimercreate-dos(25712) URL:http://xforce.iss.net/xforce/xfdb/25712 Description: The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory. Ubuntu-Description: Notes: dannf> Debian should probably "fix" this by suggesting a limit (ulimit -i) on the number of pending signals kees> Pending signals limit is now set by pam 0.99.x. jmm> d02479bdeb1c9b037892061cdcf4e730183391fa dannf> The milw0rm exploit seems to still work on 2.6.24, so I don't think the d02479b changeset changed this behavior. Bugs: upstream: released (2.6.23-rc4) linux-2.6: released (2.6.23-1) 2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch6) "no upstream patch" 2.6.24-etch-security: ignored "no upstream patch" 2.6.26-lenny-security: ignored "no upstream patch" 2.6.8-sarge-security: ignored (2.6.8-17sarge1) "no upstream patch" 2.4.27-sarge-security: N/A "No posix-timers.c" 2.6.15-dapper-security: ignore (no upstream patch) 2.6.17-edgy-security: ignore (no upstream patch) 2.6.20-feisty: ignore (no upstream patch)