Date: Sat, 5 Jul 2014 01:33:28 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2014-4699: Linux ptrace bug Thanks for posting this, Andy! On Fri, Jul 04, 2014 at 02:05:08PM -0700, Andy Lutomirski wrote: > Upstream commit b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a fixes a > ptrace bug. http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a > The exact scope of the bug is somewhat unclear right now. It's clear that this problem is specific to x86_64, though, and I think you omitted this detail inadvertently (it is clear from the commit). > I see no reason why the bug should not be present as far back as Linux > 2.6.17, but it seems to be difficult to reproduce on old kernels. > > There is some ongoing discussion on linux-distros about the impact and > applicability of this bug. > > More details and a PoC to follow some time next week. I think it's OK to hold the PoC, but most discussion of the bug should move in here. Thanks again, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ