CVE - CVE-2008-2365

CVE-ID
CVE-2008-2365	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[linux-kernel] 20070508 Re: [PATCH -utrace] Move utrace into task_struct URL:http://marc.info/?l=linux-kernel&m=117863520707703&w=2 MLIST:[oss-security] 20080626 CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <= 2.6.25 URL:http://www.openwall.com/lists/oss-security/2008/06/26/1 MLIST:[oss-security] 20080714 Re: CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <= 2.6.25 URL:http://www.openwall.com/lists/oss-security/2008/07/14/1 MISC:http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=449359 REDHAT:RHSA-2008:0508 URL:http://rhn.redhat.com/errata/RHSA-2008-0508.html UBUNTU:USN-625-1 URL:http://www.ubuntu.com/usn/usn-625-1 BID:29945 URL:http://www.securityfocus.com/bid/29945 OVAL:oval:org.mitre.oval:def:10749 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10749 SECTRACK:1020362 URL:http://www.securitytracker.com/id?1020362 SECUNIA:30850 URL:http://secunia.com/advisories/30850 SECUNIA:31107 URL:http://secunia.com/advisories/31107 SREASON:3965 URL:http://securityreason.com/securityalert/3965 XF:linux-kernel-ptraceattach-dos(43567) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43567
Assigning CNA
N/A
Date Entry Created
20080521	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org