Ubuntu
linux-meta package

[CVE-2007-5500] [linux-source] possible DoS in ptrace attach logic

Bug #173849 reported by disabled.user
254
Affects Status Importance Assigned to Milestone
linux-meta (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: linux-source

References:
[1] CVE-2007-5500 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5500)
[2] SUSE-SA:2007:063

Quoting [1]:
"The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information."

Quoting [2]:
"A buggy condition in the ptrace attach logic can be used by local attackers to hang the machine."

CVE References

Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

See also:
DSA-1428-1 (http://www.debian.org/security/2007/dsa-1428)

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.