blob: eb3a56dd39e41b0f7eac4f9ea402a88f93082c89 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Candidate: CVE-2005-0178
References:
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
CONECTIVA:CLA-2005:930
URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
REDHAT:RHSA-2005:092
URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
Description:
Race condition in the setsid function in Linux before 2.6.8.1 allows local
users to cause a denial of service (crash) and possibly access portions of
kernel memory, related to TTY changes, locking, and semaphores.
Notes:
dannf> Alan Cox suggested that this is not a 2.4 issue:
Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is
Alan> private not thread group so a setsid() can't race because you can't
Alan> setsid in the same thread as is opening current->tty.
Bugs:
upstream: released (2.6.8.1, 2.6.11)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch]
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
2.4.18-woody-security-hppa: N/A
|
