BugTraq
Re: [Full-disclosure] [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition Jul 11 2005 11:50AM
Juergen Schmidt (ju heisec de)
On Mon, 11 Jul 2005, Suresec Advisories wrote:

> Suresec Security Advisory - #00004
> 10/07/05
>
> Linux kernel ia32 compatibility race condition
> Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf>
>
> Description:
>
> A race condition vulnerability has been found in the ia32 compatibility
> execve() system call. The race condition may lead to heap corruption.
>
> Risk:
>
> Exploitation of this vulnerability may result in panics, oopses or
> in the worst case code execution at ring 0.
>
> Credit:
>
> The vulnerability was discovered by Ilja van Sprundel.

FYI:

While there is no official patch for 2.4 there is one from Andi Kleen in
the HF kernel series:

http://linux.exosec.net/kernel/2.4-hf/2.4.31/LATEST/CHANGELOG

---
Changelog From 2.4.31 to 2.4.31-hf1 (semi-automated)
---------------------------------------
'+' = added ; '-' = removed

...
+ 2.4.31-x86_64-ia64-32bit-execve-overflow-1 (Andi Kleen)

[PATCH] Fix buffer overflow in x86-64/ia64 32bit execve
Fix buffer overflow in x86-64/ia64 32bit execve. Originally noted
by Ilja van Sprundel. I fixed it for both x86-64 and IA64. Other
architectures are not affected.
----

The HF series presents hotfixes for kernels 2.4.[29-31]. See:

http://linux.exosec.net/kernel/2.4-hf/

bye, ju

--
Juergen Schmidt Chefredakteur heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju (at) heisec (dot) de
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970
