Bugtraq mailing list archives

Re: [Full-disclosure] [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition
From: Juergen Schmidt <ju () heisec de>
Date: Mon, 11 Jul 2005 13:50:14 +0200 (CEST)

On Mon, 11 Jul 2005, Suresec Advisories wrote:

Suresec Security Advisory  - #00004

Linux kernel ia32 compatibility race condition
Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf>


A race condition vulnerability has been found in the ia32 compatibility
execve() system call. The race condition may lead to heap corruption.


Exploitation of this vulnerability may result in panics, oopses or
in the worst case code execution at ring 0.


The vulnerability was discovered by Ilja van Sprundel.


While there is no official patch for 2.4, there is one from Andi Kleen in
the HF kernel series:


Changelog From 2.4.31 to 2.4.31-hf1 (semi-automated)
'+' = added ; '-' = removed

+ 2.4.31-x86_64-ia64-32bit-execve-overflow-1                       (Andi

  [PATCH] Fix buffer overflow in x86-64/ia64 32bit execve
  Fix buffer overflow in x86-64/ia64 32bit execve. Originally noted
  by Ilja van Sprundel. I fixed it for both x86-64 and IA64. Other
  architectures are not affected.

The HF series presents hotfixes for kernels 2.4.[29-31]. See:


bye, ju

Juergen Schmidt       Chefredakteur  heise Security     www.heisec.de
Heise Zeitschriften Verlag,    Helstorferstr. 7,       D-30625 Hannover
Tel. +49 511 5352 300      FAX +49 511 5352 417       EMail ju () heisec de
GPG-Key: 0x38EA4970,  5D7B 476D 84D5 94FF E7C5  67BE F895 0A18 38EA 4970
