lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon Jul 11 12:50:20 2005
From: ju at heisec.de (Juergen Schmidt)
Subject: [ Suresec Advisories ] - Linux kernel ia32
	compatibility (ia64/x86-64) race condition

On Mon, 11 Jul 2005, Suresec Advisories wrote:

> Suresec Security Advisory  - #00004
> 10/07/05
>
> Linux kernel ia32 compatibility race condition
> Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf>
>
> Description:
>
> A race condition vulnerability has been found in the ia32 compatibility
> execve() systemcall. The race condition may lead to heap corruption.
>
> Risk:
>
> Exploitation of this vulnerability may results in panics, oopses or
> in the worst case code exection at ring 0.
>
> Credit:
>
> The vulnerability was discovered by Ilja van Sprundel.

FYI:

While there is no official patch for 2.4 there is one form Andi Kleen in
the HF kernel series:

http://linux.exosec.net/kernel/2.4-hf/2.4.31/LATEST/CHANGELOG

---
Changelog From 2.4.31 to 2.4.31-hf1 (semi-automated)
---------------------------------------
'+' = added ; '-' = removed

...
+ 2.4.31-x86_64-ia64-32bit-execve-overflow-1                       (Andi
Kleen)

  [PATCH] Fix buffer overflow in x86-64/ia64 32bit execve
  Fix buffer overflow in x86-64/ia64 32bit execve. Originally noted
  by Ilja van Sprundel. I fixed it for both x86-64 and IA64. Other
  architectures are not affected.
----

The HF series presents hotfixes for kernels 2.4.[29-31]. See:

http://linux.exosec.net/kernel/2.4-hf/

bye, ju

-- 
Juergen Schmidt       Chefredakteur  heise Security     www.heisec.de
Heise Zeitschriften Verlag,    Helstorferstr. 7,       D-30625 Hannover
Tel. +49 511 5352 300      FAX +49 511 5352 417       EMail ju@...sec.de
GPG-Key: 0x38EA4970,  5D7B 476D 84D5 94FF E7C5  67BE F895 0A18 38EA 4970

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ