101436 – Local DoS through stack fault exceptions (CAN-2005-1767)

Bug 101436 - Local DoS through stack fault exceptions (CAN-2005-1767)

Summary: Local DoS through stack fault exceptions (CAN-2005-1767)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	[linux < 2.6.12]
Keywords:

Depends on:
Blocks:

Reported:	2005-08-05 06:34 UTC by Thierry Carrez (RETIRED)
Modified:	2009-05-03 15:33 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-08-05 06:34:29 UTC

In SuSE latest kernel advisory :

- local users could crash the system by causing stack fault
  exceptions (CAN-2005-1767)

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-08-15 14:32:34 UTC

> SUSE Linux 9.0 and SLES8 are affected.

Must be something older than 2.6.5 for SLES9 and something 2.4.21 based for
SLES8 and we don't have anything that old in the tree. Closing bug.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-09-26 00:54:05 UTC

It's back in latest Ubuntu's advisory, and bites their 2.6.8 and/or 2.6.10 :

A Denial of Service vulnerability was detected in the stack segment
fault handler. A local attacker could exploit this by causing stack
fault exceptions under special circumstances (scheduling), which lead
to a kernel crash. (CAN-2005-1767)

Reopen to doublecheck, better safe than sorry.

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2005-11-26 04:06:49 UTC

Closing as fixed as this was fixed in 2.6.12 upstream.