[kernel-sec-discuss] r953 - active
dannf at alioth.debian.org
Fri Sep 21 16:28:01 UTC 2007
Author: dannf
Date: 2007-09-21 16:28:01 +0000 (Fri, 21 Sep 2007)
New Revision: 953
Modified:
active/CVE-2007-3731
Log:
flesh out, update etch status
Modified: active/CVE-2007-3731
===================================================================
--- active/CVE-2007-3731 2007-09-21 08:42:59 UTC (rev 952)
+++ active/CVE-2007-3731 2007-09-21 16:28:01 UTC (rev 953)
@@ -1,12 +1,24 @@
Candidate: CVE-2007-3731
References:
+ MISC:http://bugzilla.kernel.org/show_bug.cgi?id=8765
+ CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=29eb51101c02df517ca64ec472d7501127ad1da8
+ CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a10d9a71bafd3a283da240d2868e71346d2aef6f
+ CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=248324
Description:
+ The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT
+ segment selector in %cs (the xcs field) during ptrace single-step operations,
+ which allows local users to cause a denial of service (NULL dereference and
+ OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP
+ requests, related to the TRACE_IRQS_ON function, and possibly related to the
+ arch_ptrace function.
Ubuntu-Description:
Notes:
+ dannf> Note that the description is somewhat misleading - I can reproduce
+ on 2.6.18, so its not limited to 2.6.20 and 2.6.21
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security:
+2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch3) [bugfix/ptrace-handle-bogus-selector.patch, bugfix/fixup-trace_irq-breakage.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.15-dapper-security: