Message-ID: <Pine.LNX.4.58.0507111345410.13557@loki.ct.heise.de>
Date: Mon, 11 Jul 2005 13:50:14 +0200 (CEST)
From: Juergen Schmidt <ju@...sec.de>
To: Suresec Advisories <advisories@...esec.org>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition
On Mon, 11 Jul 2005, Suresec Advisories wrote:
> Suresec Security Advisory - #00004
> 10/07/05
>
> Linux kernel ia32 compatibility race condition
> Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf>
>
> Description:
>
> A race condition vulnerability has been found in the ia32 compatibility
> execve() systemcall. The race condition may lead to heap corruption.
>
> Risk:
>
> Exploitation of this vulnerability may result in panics, oopses or
> in the worst case code execution at ring 0.
>
> Credit:
>
> The vulnerability was discovered by Ilja van Sprundel.
FYI:
While there is no official patch for 2.4 there is one from Andi Kleen in
the HF kernel series:
http://linux.exosec.net/kernel/2.4-hf/2.4.31/LATEST/CHANGELOG
---
Changelog From 2.4.31 to 2.4.31-hf1 (semi-automated)
---------------------------------------
'+' = added ; '-' = removed
...
+ 2.4.31-x86_64-ia64-32bit-execve-overflow-1 (Andi Kleen)
[PATCH] Fix buffer overflow in x86-64/ia64 32bit execve
Fix buffer overflow in x86-64/ia64 32bit execve. Originally noted
by Ilja van Sprundel. I fixed it for both x86-64 and IA64. Other
architectures are not affected.
----
The HF series presents hotfixes for kernels 2.4.[29-31]. See:
http://linux.exosec.net/kernel/2.4-hf/
bye, ju
--
Juergen Schmidt Chefredakteur heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju@...sec.de
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970