Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [Full-disclosure] [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition
From: Juergen Schmidt <ju () heisec de>
Date: Mon, 11 Jul 2005 13:50:14 +0200 (CEST)

On Mon, 11 Jul 2005, Suresec Advisories wrote:

Suresec Security Advisory  - #00004
10/07/05

Linux kernel ia32 compatibility race condition
Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf>

Description:

A race condition vulnerability has been found in the ia32 compatibility
execve() systemcall. The race condition may lead to heap corruption.

Risk:

Exploitation of this vulnerability may results in panics, oopses or
in the worst case code exection at ring 0.

Credit:

The vulnerability was discovered by Ilja van Sprundel.

FYI:

While there is no official patch for 2.4 there is one form Andi Kleen in
the HF kernel series:

http://linux.exosec.net/kernel/2.4-hf/2.4.31/LATEST/CHANGELOG

---
Changelog From 2.4.31 to 2.4.31-hf1 (semi-automated)
---------------------------------------
'+' = added ; '-' = removed

...
+ 2.4.31-x86_64-ia64-32bit-execve-overflow-1                       (Andi
Kleen)

  [PATCH] Fix buffer overflow in x86-64/ia64 32bit execve
  Fix buffer overflow in x86-64/ia64 32bit execve. Originally noted
  by Ilja van Sprundel. I fixed it for both x86-64 and IA64. Other
  architectures are not affected.
----

The HF series presents hotfixes for kernels 2.4.[29-31]. See:

http://linux.exosec.net/kernel/2.4-hf/

bye, ju

-- 
Juergen Schmidt       Chefredakteur  heise Security     www.heisec.de
Heise Zeitschriften Verlag,    Helstorferstr. 7,       D-30625 Hannover
Tel. +49 511 5352 300      FAX +49 511 5352 417       EMail ju () heisec de
GPG-Key: 0x38EA4970,  5D7B 476D 84D5 94FF E7C5  67BE F895 0A18 38EA 4970



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault