Date: 2 May 2004 09:41:39 -0000
From: chris <chris@...secure.net>
To: bugtraq@...urityfocus.com
Subject: PaX Linux Kernel 2.6 Patches DoS Advisory

http://www.cr-secure.net

Found by: borg (ChrisR-)

A small bug in PaX was found.

What is PaX?
-----------------------
PaX is a collection of intrusion prevention patches for the Linux Kernel 2.2, 2.4, and 2.6. This advisory only affects the PaX patches for the 2.6 Linux kernel. PaX is located at http://pax.grsecurity.net

Impact?
------------------
Denial of service through putting the kernel into an infinite loop when ASLR is enabled.

Vulnerable PaX code?
-----------------------
(sorry for white space)
====================================================
'linux/mm/mmap.c'

        if (start_addr != TASK_UNMAPPED_BASE) {
#ifdef CONFIG_PAX_RANDMMAP
                if (current->flags & PF_PAX_RANDMMAP)
                        start_addr = addr = TASK_UNMAPPED_BASE + mm->delta_mmap;
                else
#endif
                start_addr = addr = TASK_UNMAPPED_BASE;
                goto full_search;
        }
        return -ENOMEM;
====================================================

And for the correct code, grab the patch at http://pax.grsecurity.net/pax-linux-2.6.5-200405011700.patch
=====================================================

Exploit Code?
-----------------------
I'm not releasing my exploit code for this just yet. Perhaps I never will. But it's very simple code, simple enough to do in 2 lines. You're not getting any more proof of concept code from me on any advisories.

Fix?
-----------------------
PaX team is aware of the problem and has already released a fix for this on the PaX homepage.

Thanks and greets: Mattjf, TLharris, Shrike, think, and efnet #cryptography

http://www.cr-secure.net
chris@...secure.net
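The restart logic in the quoted mm/mmap.c fragment can be modelled in user space to show why the loop never reaches `return -ENOMEM` under RANDMMAP. This is an added example, not part of the original advisory or of the PaX code. The `model_run` helper, the constant values and the `fixed_check` comparison against the randomized base are assumptions, since the advisory does not reproduce the patched lines.

```c
#include <stdbool.h>
#include <stdio.h>

#define TASK_UNMAPPED_BASE 0x40000000UL /* constructed value for this model */
#define MAX_PASSES 8                    /* bound so the model itself always returns */

/* Stand-in for one linear scan of the address space. The model assumes no
 * gap is large enough, which is the case where the quoted code is reached. */
static bool scan_finds_gap(unsigned long from) { (void)from; return false; }

/* Returns the number of scans made before giving up (the -ENOMEM path),
 * or -1 if MAX_PASSES scans did not reach it (the kernel would spin).
 * fixed_check=false uses the comparison quoted in the advisory;
 * fixed_check=true compares against the randomized base (assumed fix). */
int model_run(bool randmmap, unsigned long delta_mmap, bool fixed_check)
{
    unsigned long base = TASK_UNMAPPED_BASE + (randmmap ? delta_mmap : 0);
    unsigned long start_addr = base + 0x100000UL; /* constructed cached hint */

    for (int pass = 1; pass <= MAX_PASSES; pass++) {
        if (scan_finds_gap(start_addr))
            return pass;
        unsigned long expected = fixed_check ? base : TASK_UNMAPPED_BASE;
        if (start_addr != expected) {
            start_addr = base;          /* "goto full_search" */
            continue;
        }
        return pass;                    /* "return -ENOMEM" */
    }
    return -1;
}

int main(void)
{
    printf("no RANDMMAP, quoted check : %d\n", model_run(false, 0, false));
    printf("RANDMMAP, quoted check    : %d\n", model_run(true, 0x01230000UL, false));
    printf("RANDMMAP, assumed fix     : %d\n", model_run(true, 0x01230000UL, true));
    return 0;
}
```

With a non-zero `delta_mmap`, the restarted `start_addr` can never equal the unrandomized `TASK_UNMAPPED_BASE`, so the quoted check restarts the search on every pass.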