|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 3965 CVE : CVE-2008-2365 CWE : CWE-362 SecurityRisk : Low  (About) Remote Exploit : No Local Exploit : Yes Victim interaction required : No Exploit Given : No Credit : Alexey Dobriyan Published : 02.07.2008
Advisory Text : Regardless of future of "struct utrace utrace;" patch looks like there is another race: engine's flags and ops settings in utrace_detach() and acting on them in report_quiescent(): utrace_detach() report_quiescent() --------------- ------------------ [utrace lock held] [utrace lock is not held] engine->flags = UTRACE_EVENT(QUIESCE) | UTRACE_ACTION_QUIESCE; if (engine->flags & UTRACE_EVENT(QUIESCE)) REPORT(report_quiesce); rcu_assign_pointer(engine->ops, &dead_engine_ops); At the moment of REPORT call engine's ops are still "live" ptrace ops which do not have ->report_quiesce callback. So, there will oops while calling function at NULL address. "Dead" ptrace engine ops do have dummy callback but it wasn't yet glued. I hit this once with "struct utrace utrace;" patch applied, but this bug is also present in stock utrace, I'm sure. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ References : http://www.openwall.com/lists/oss-security/2008/06/26/1 http://rhn.redhat.com/errata/RHSA-2008-0508.html https://bugzilla.redhat.com/show_bug.cgi?id=449359 http://www.securityfocus.com/bid/29945 http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/ tests/late-ptrace-may-attach-check.c?cvsroot=systemtap http://marc.info/?l=linux-kernel&m=117863520707703&w=2 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commi t;h=f5b40e363ad6041a96e3da32281d8faa191597b9 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commi t;h=f358166a9405e4f1d8e50d8f415c26d95505b6de http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commi t;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87 Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |