CVE Reference: CVE-2008-2365
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-2365

Description:
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/43567

UBUNTU
  http://www.ubuntu.com/usn/usn-625-1

ST
  1020362

SREASON
  http://securityreason.com/securityalert/3965

SAID
  Secunia Advisory: SA30850
  Secunia Advisory: SA31107

REDHAT
  http://rhn.redhat.com/errata/RHSA-2008-0508.html

MLIST
  http://www.openwall.com/lists/oss-security/2008/07/14/1
  http://www.openwall.com/lists/oss-security/2008/06/26/1
  http://marc.info/?l=linux-kernel&m=117863520707703&w=2

MISC
  http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap

CONFIRM
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87

BID
  29945

