
Bug 270330 (CVE-2009-1527)

Summary: Kernel: ptrace_attach: fix the usage of ->cred_exec_mutex (CVE-2009-1527)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Kernel Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cad81bc2529ab8c62b6fdc83a1c0c7f4a87209eb
Whiteboard: [linux >=2.6.29 <2.6.29.3] [gp >=2.6.29-1 <2.6.29-6]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2009-05-18 17:39:36 UTC
CVE-2009-1527 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1527):
  Race condition in the ptrace_attach function in kernel/ptrace.c in
  the Linux kernel before 2.6.30-rc4 allows local users to gain
  privileges via a PTRACE_ATTACH ptrace call during an exec system call
  that is launching a setuid application, related to locking an
  incorrect cred_exec_mutex object.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-05-18 17:45:07 UTC
Note this allows for local root compromise:
http://milw0rm.org/exploits/8673
Comment 2 kfm 2009-07-24 04:06:37 UTC
This does not affect <2.6.29 (the code is different). I tried the exploit against 2.6.28.10 and it did not prevail. Eugene Teo, of Red Hat, said:

"This vulnerability was introduced in commit d84f4f99 ("CRED: Inaugurate
COW credentials"), and was fixed in commit cad81bc2 ("ptrace:
ptrace_attach: fix the usage of ->cred_exec_mutex"). It affects kernel 2.6.29."

Source: http://marc.info/?l=oss-security&m=124141149127926&w=2
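
The following is an added illustration, not part of the bug report or of the kernel source: a simplified userspace model of why taking the wrong cred_exec_mutex gives no exclusion against a concurrent exec. It assumes the wrong object was the caller's own mutex rather than the target's; `struct task`, `model_attach` and `attach_during_exec` are hypothetical names.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's task_struct (constructed for this model). */
struct task {
    unsigned euid;
    int traced;
    atomic_flag cred_exec_mutex;      /* modelled as a try-lock */
};

enum which_lock { LOCK_CURRENT, LOCK_TARGET };

static int mutex_trylock(atomic_flag *m) { return !atomic_flag_test_and_set(m); }
static void mutex_unlock(atomic_flag *m) { atomic_flag_clear(m); }

/* Attach path: 0 = attached, -1 = would sleep on the mutex, -2 = permission denied. */
static int model_attach(struct task *current, struct task *target, enum which_lock which)
{
    atomic_flag *m = (which == LOCK_TARGET) ? &target->cred_exec_mutex
                                            : &current->cred_exec_mutex;
    int ret = 0;
    if (!mutex_trylock(m))
        return -1;
    if (current->euid != 0 && current->euid != target->euid)
        ret = -2;                     /* checked against the target's credentials right now */
    else
        target->traced = 1;
    mutex_unlock(m);
    return ret;
}

/* Returns 1 if an unprivileged tracer ends up attached to a task that exec made privileged. */
int attach_during_exec(enum which_lock which)
{
    struct task tracer = { 1000, 0, ATOMIC_FLAG_INIT };
    struct task target = { 1000, 0, ATOMIC_FLAG_INIT };

    mutex_trylock(&target.cred_exec_mutex);       /* exec of a setuid binary begins */
    int first = model_attach(&tracer, &target, which);
    target.euid = 0;                              /* exec installs the new credentials */
    mutex_unlock(&target.cred_exec_mutex);        /* exec done */
    if (first == -1)                              /* a blocked attach resumes after exec */
        model_attach(&tracer, &target, which);
    return target.traced && target.euid == 0;
}

int main(void)
{
    printf("lock current: %d\n", attach_during_exec(LOCK_CURRENT));
    printf("lock target:  %d\n", attach_during_exec(LOCK_TARGET));
    return 0;
}
```

With the caller's mutex the attach is never serialized against the exec; with the target's mutex it waits and is then checked against the post-exec credentials.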