lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.58.0507111345410.13557@loki.ct.heise.de> Date: Mon Jul 11 12:50:20 2005 From: ju at heisec.de (Juergen Schmidt) Subject: [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition On Mon, 11 Jul 2005, Suresec Advisories wrote: > Suresec Security Advisory - #00004 > 10/07/05 > > Linux kernel ia32 compatibility race condition > Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf> > > Description: > > A race condition vulnerability has been found in the ia32 compatibility > execve() systemcall. The race condition may lead to heap corruption. > > Risk: > > Exploitation of this vulnerability may results in panics, oopses or > in the worst case code exection at ring 0. > > Credit: > > The vulnerability was discovered by Ilja van Sprundel. FYI: While there is no official patch for 2.4 there is one form Andi Kleen in the HF kernel series: http://linux.exosec.net/kernel/2.4-hf/2.4.31/LATEST/CHANGELOG --- Changelog From 2.4.31 to 2.4.31-hf1 (semi-automated) --------------------------------------- '+' = added ; '-' = removed ... + 2.4.31-x86_64-ia64-32bit-execve-overflow-1 (Andi Kleen) [PATCH] Fix buffer overflow in x86-64/ia64 32bit execve Fix buffer overflow in x86-64/ia64 32bit execve. Originally noted by Ilja van Sprundel. I fixed it for both x86-64 and IA64. Other architectures are not affected. ---- The HF series presents hotfixes for kernels 2.4.[29-31]. See: http://linux.exosec.net/kernel/2.4-hf/ bye, ju -- Juergen Schmidt Chefredakteur heise Security www.heisec.de Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju@...sec.de GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970
Powered by blists - more mailing lists