oss-sec mailing list archives
Re: CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <= 2.6.25
From: Marcus Meissner <meissner () suse de>
Date: Mon, 14 Jul 2008 16:47:23 +0200
On Thu, Jun 26, 2008 at 04:53:38PM +0200, Jan Lieskovsky wrote:
> Hello guys,
>
> wanted to inform you about recently discovered utrace/ptrace attach and detach race condition affecting Linux kernel from versions 2.6.9 up to the upstream one (< 2.6.25). The upstream Linux kernel version got already patched with the following three patches, which resolve this issue:
>
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de

Jan, these patches are from 2006 and were even fixed in a 2.6.16.x stable release... and the code was rewritten in 2.6.17 as far as I can see.

So is 2.6.25 really the upper bound?

Ciao, Marcus