Candidate: CVE-2005-3783 References: http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409 http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c Description: The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash). Notes: Bugs: upstream: released (2.4.33-pre1, 2.6.14.2) linux-2.6: released (2.6.14-3) 2.6.8-sarge-security: released (2.6.8-16sarge2) [ptrace-fix_self-attach_rule.dpatch] 2.4.27-sarge-security: released (2.4.27-10sarge2) [201_ptrace-fix_self-attach_rule.diff] 2.4.19-woody-security: 2.4.18-woody-security: 2.4.17-woody-security: 2.4.16-woody-security: 2.4.17-woody-security-hppa: 2.4.17-woody-security-ia64: 2.4.18-woody-security-hppa: