oss-sec mailing list archives

Re: 2.6.25.10 security fixes, please assign CVE id

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 8 Jul 2008 13:59:50 -0400 (EDT)


On Thu, 3 Jul 2008, Marcus Meissner wrote:

2.
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commitdiff;h=1e9a615bfce7996ea4d815d45d364b47ac6a74e8
is an even better one, it allows one to overflow the task struct refcount (a 32 bit atomic_t
on the affected amd64) and cause its subsequent freeing with dangling references to it all
over the place (including 'current' of the ptraced task itself). corresponding exploit avenues
abound.


Use CVE-2008-3077, to be filled in later.

- Steve

Current thread:

2.6.25.10 security fixes, please assign CVE id Marcus Meissner (Jul 03)
- Re: 2.6.25.10 security fixes, please assign CVE id Eugene Teo (Jul 08)
- Re: 2.6.25.10 security fixes, please assign CVE id Steven M. Christey (Jul 08)