| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Oct 2010 23:46:29 +0200 From: Christian Borntraeger <borntraeger@...ibm.com> To: Mitchell Erblich <erblichs@...thlink.net> CC: linux-kernel@...r.kernel.org Subject: Re: Verification of SYScall changes because of CVE-2009-0029 Am 21.10.2010 07:40, schrieb Mitchell Erblich: > he ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips > 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly > sign extended when sent from a user-mode application, but cannot verify this, which > allows local users to cause a denial of service (crash) or possibly gain privileges > via a crafted system call. > > Has anyone been able to verify (a program that exploits this issue) ? I found the problem with crashme and I was able to reduce the test to a 5 line C program - so yes, the problem can happen for real. The thing is that this was no generic exploit, the problem from the testcase existed only with specific gcc, kernel, syscall and architecture but there might be others - we dont know. So sorry, there is no generic test case that checks if the problem is fixed. Christian -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists