Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 14 Jul 2008 16:47:23 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2008-2365 kernel: ptrace: Crash on
	PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <= 2.6.25

On Thu, Jun 26, 2008 at 04:53:38PM +0200, Jan Lieskovsky wrote:
> Hello guys,
> 
>   wanted to inform you about recently discovered utrace/ptrace
> attach and detach race condition affecting Linux kernel from versions
> 2.6.9 up to the upstream one (< 2.6.25).
> The upstream Linux kernel version got already patched with the following
> three patches, which resolve this issue:
> 
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de

Jan, these patches are from 2006 and were even fixed in a 2.6.16.x stable release...
and the code was rewritten in 2.6.17 as far as I can see.

So is 2.6.25 really the upper bound?

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.