oss-sec mailing list archives
Re: 2.6.25.10 security fixes, please assign CVE id
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 8 Jul 2008 13:59:50 -0400 (EDT)
On Thu, 3 Jul 2008, Marcus Meissner wrote:
2. http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commitdiff;h=1e9a615bfce7996ea4d815d45d364b47ac6a74e8 is an even better one, it allows one to overflow the task struct refcount (a 32 bit atomic_t on the affected amd64) and cause its subsequent freeing with dangling references to it all over the place (including 'current' of the ptraced task itself). corresponding exploit avenues abound.
Use CVE-2008-3077, to be filled in later. - Steve
Current thread:
- 2.6.25.10 security fixes, please assign CVE id Marcus Meissner (Jul 03)
- Re: 2.6.25.10 security fixes, please assign CVE id Eugene Teo (Jul 08)
- Re: 2.6.25.10 security fixes, please assign CVE id Steven M. Christey (Jul 08)